summaryrefslogtreecommitdiff
blob: 91b0aaea312257062acf55c73058a8723ef2fffb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
--- ext/gd/gd.c	2005/01/17 17:07:47	1.294.2.11
+++ ext/gd/gd.c	2005/10/06 20:42:56	1.294.2.13
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */

-/* $Id: gd.c,v 1.294.2.11 2005/01/17 17:07:47 sniper Exp $ */
+/* $Id: gd.c,v 1.294.2.13 2005/10/06 20:42:56 iliaa Exp $ */

 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
    Cold Spring Harbor Labs. */
@@ -1726,7 +1726,7 @@ static void _php_image_output(INTERNAL_F
 	}

 	if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-		if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+		if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
 			RETURN_FALSE;
 		}
@@ -1781,7 +1781,7 @@ static void _php_image_output(INTERNAL_F
 		char  buf[4096];
 		char *path;

-		tmp = php_open_temporary_file("", "", &path TSRMLS_CC);
+		tmp = php_open_temporary_file(NULL, NULL, &path TSRMLS_CC);
 		if (tmp == NULL) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open temporary file");
 			RETURN_FALSE;