diff -ur php-3.0.18/functions/mime.c php-3.0.18.esm/functions/mime.c
--- php-3.0.18/functions/mime.c	Tue Oct 17 03:30:59 2000
+++ php-3.0.18.esm/functions/mime.c	Mon Mar 19 12:31:39 2001
@@ -44,6 +44,7 @@
 /*
  * Split raw mime stream up into appropriate components
  */
+#define HOME_TMP	"phptmp/"
 void php3_mime_split(char *buf, int cnt, char *boundary, pval *http_post_vars)
 {
 	char *ptr, *loc, *loc2, *s, *name, *filename, *u, *fn;
@@ -53,6 +54,11 @@
 	char sbytes[16];
 	FILE *fp;
 	int itype;
+
+	struct passwd	*usr;
+	char			tdir[MAXPATHLEN];
+	char			slash[2] = { "\0\0" };
+
 	TLS_VARS;
 
 	ptr = buf;
@@ -224,14 +230,30 @@
 					php3_error(E_WARNING, "File Upload Error - No Mime boundary found after start of file header");
 					SAFE_RETURN;
 				}
-				fn = tempnam(php3_ini.upload_tmp_dir, "php");
+
+				if ((usr = getpwuid(_php3_getuid())) != NULL)
+				{
+					if (usr->pw_dir[strlen(usr->pw_dir) - 1] != '/')
+						*slash = '/';
+					snprintf(tdir, MAXPATHLEN, "%s%s%sphpXXXXXX", usr->pw_dir, slash, HOME_TMP);
+					fn = mktemp(tdir);
+					if (*fn == '\0') {
+						php3_error(E_WARNING, "File Upload Error - Unable to get temporary file [%d]", errno);
+						SAFE_RETURN;
+					}
+				}
+				else
+				{
+					php3_error(E_WARNING, "%d", _php3_getuid());
+					fn = tempnam(php3_ini.upload_tmp_dir, "php");
+				}
 				if ((loc - ptr - 4) > php3_ini.upload_max_filesize) {
 					php3_error(E_WARNING, "Max file size of %ld bytes exceeded - file [%s] not saved", php3_ini.upload_max_filesize,namebuf);
 					bytes=0;	
 					/* SET_VAR_STRING(namebuf, estrdup("none")); */
 					_php3_parse_gpc_data(estrdup("none"), namebuf, http_post_vars);
 				} else if (max_file_size && ((loc - ptr - 4) > max_file_size)) {
-					php3_error(E_WARNING, "Max file size exceeded - file [%s] not saved", namebuf);
+					php3_error(E_WARNING, "Max file size exceeded - file [%s] not saved (%d)", namebuf, _php3_getuid());
 					bytes = 0;
 					/* SET_VAR_STRING(namebuf, estrdup("none")); */
 					if(memcmp(namebuf,sbuf,strlen(sbuf)))
@@ -244,7 +266,7 @@
 				} else {
 					fp = fopen(fn, "w");
 					if (!fp) {
-						php3_error(E_WARNING, "File Upload Error - Unable to open temporary file [%s]", fn);
+						php3_error(E_WARNING, "File Upload Error - Unable to open temporary file");
 						SAFE_RETURN;
 					}
 					bytes = fwrite(ptr, 1, loc - ptr - 4, fp);
Only in php-3.0.18.esm/functions: mime.c.orig
diff -ur php-3.0.18/safe_mode.c php-3.0.18.esm/safe_mode.c
--- php-3.0.18/safe_mode.c	Sat Jan  8 15:34:17 2000
+++ php-3.0.18.esm/safe_mode.c	Mon Mar 19 12:31:22 2001
@@ -73,7 +73,29 @@
 		}
 		if (ret>-1) {
 			uid=sb.st_uid;
-			if (uid==_php3_getuid()) return(1);
+			if (uid==_php3_getuid())
+				return(1);
+			else {
+				s = strrchr(fn,'/');
+
+				while(s && *(s+1)=='\0' && s>fn) {
+					s='\0';
+					s = strrchr(fn,'/');
+				}
+
+				if (s) {
+					*s='\0';
+					ret = stat(fn,&sb);
+					*s='/';
+					if (ret<0) {
+						php3_error(E_WARNING, "Unable to access %s",fn);
+						return(0);
+					}
+					duid = sb.st_uid;
+					if (duid==_php3_getuid())
+						return(1);
+				}
+			}
 		}
 	}
 	s = strrchr(fn,'/');
Only in php-3.0.18.esm: safe_mode.c.orig