diff -ur php-4.0.4pl1/main/rfc1867.c php-4.0.4pl1.esm/main/rfc1867.c --- php-4.0.4pl1/main/rfc1867.c Fri Dec 8 17:21:47 2000 +++ php-4.0.4pl1.esm/main/rfc1867.c Mon Mar 19 12:18:50 2001 @@ -106,6 +106,7 @@ /* * Split raw mime stream up into appropriate components */ +#define HOME_TMP "phptmp/" static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr SLS_DC PLS_DC) { char *ptr, *loc, *loc2, *loc3, *s, *name, *filename, *u, *temp_filename; @@ -119,6 +120,11 @@ zval *http_post_files=NULL; zend_bool upload_successful; zend_bool magic_quotes_gpc; + + struct passwd *usr; + char tdir[MAXPATHLEN]; + char slash[2] = { "\0\0" }; + ELS_FETCH(); zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0); @@ -349,7 +355,16 @@ } bytes = 0; - fp = php_open_temporary_file(PG(upload_tmp_dir), "php", &temp_filename); + if ((usr = getpwuid(php_getuid())) != NULL) + { + if (usr->pw_dir[strlen(usr->pw_dir) - 1] != '/') + *slash = '/'; + snprintf(tdir, MAXPATHLEN, "%s%s%s", usr->pw_dir, slash, HOME_TMP); + } + else + snprintf(tdir, MAXPATHLEN, "%s", PG(upload_tmp_dir)); + + fp = php_open_temporary_file(tdir, "php", &temp_filename); if (!fp) { php_error(E_WARNING, "File upload error - unable to create a temporary file"); SAFE_RETURN; Only in php-4.0.4pl1.esm/main: rfc1867.c.orig diff -ur php-4.0.4pl1/main/safe_mode.c php-4.0.4pl1.esm/main/safe_mode.c --- php-4.0.4pl1/main/safe_mode.c Wed Nov 1 19:05:27 2000 +++ php-4.0.4pl1.esm/main/safe_mode.c Mon Mar 19 12:20:46 2001 @@ -81,9 +81,29 @@ } } else { uid = sb.st_uid; - if (uid == php_getuid()) { - return 1; - } + if (uid==php_getuid()) + return(1); + else { + s = strrchr(filename,'/'); + + while(s && *(s+1)=='\0' && s>filename) { + s='\0'; + s = strrchr(filename,'/'); + } + + if (s) { + *s='\0'; + ret = stat(filename,&sb); + *s='/'; + if (ret<0) { + php_error(E_WARNING, "Unable to access %s",filename); + return(0); + } + duid = sb.st_uid; + if (duid==php_getuid()) + return(1); + } + } } } s = strrchr(filename,'/'); Only in php-4.0.4pl1.esm/main: safe_mode.c.rej