From ad9bbf26abda3304f5658b0656d1ef6bc365a28a Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 11 Feb 2010 12:32:21 +0000
Subject: [PATCH] Fixed safe_mode validation inside tempnam() when the
 directory path does not end with a /).

---
 NEWS                | 2 ++
 ext/standard/file.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 63ae97d2726..f82d1f19f76 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ PHP                                                                        NEWS
 - Added stream filter support to mcrypt extension (ported from 
   mcrypt_filter). (Stas)
 
+- Fixed safe_mode validation inside tempnam() when the directory path does
+  not end with a /). (Martin Jansen)
 - Fixed a possible open_basedir/safe_mode bypass in session extension
   identified by Grzegorz Stachowiak. (Ilia)
 - Fixed possible crash when a error/warning is raised during php startup.
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 10f2c7961aa..704ef1231fb 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -836,7 +836,7 @@ PHP_FUNCTION(tempnam)
 		return;
 	}
 
-	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 		RETURN_FALSE;
 	}