Recently we've experienced an issue regarding the safe mode check in
tempnam() which was introduced in r288945 4 months ago. When calling
tempnam("/tmp/foo"), with /tmp/foo being a directory, it turned out that
the safe mode UID check was performed on /tmp instead of /tmp/foo. When
calling tempnam("/tmp/foo/"), everything worked as expected. Changing
the mode parameter for the php_checkuid call from
CHECKUID_ALLOW_ONLY_DIR to CHECKUID_CHECK_FILE_AND_DIR fixes this issue.
A patch for PHP_5_2 is attached. Is the chosen approach correct? I
have been unable to come up with a fitting unit test because I could not
figure out how to create the necessary directory scaffolding in e.g.
/tmp with safe_mode=1 already being set in the --INI-- section of the test.
- Martin
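
The path selection described in the message above, as an added C example that is not part of the original message and is not PHP's php_checkuid code. The function names are hypothetical, the scaffolding is constructed, and the stat-first variant is an assumed model of a check that looks at the argument itself before falling back to its parent directory.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: cut the last component off a path in place. */
static void strip_last(char *p) {
    char *s = strrchr(p, '/');
    if (s == NULL) strcpy(p, ".");      /* bare name: parent is cwd */
    else if (s == p) p[1] = '\0';       /* entry directly under "/" */
    else *s = '\0';
}

/* Model of the behaviour the report describes for the directory-only mode:
 * the split is purely textual, so "/tmp/foo" selects "/tmp" and only
 * "/tmp/foo/" selects "/tmp/foo". */
const char *target_textual(const char *arg, char *out, size_t n) {
    snprintf(out, n, "%s", arg);
    strip_last(out);
    return out;
}

/* Assumed model of a file-and-directory style check: ask the filesystem
 * first; an existing directory is itself the target, anything else falls
 * back to its parent. */
const char *target_stat_first(const char *arg, char *out, size_t n) {
    struct stat sb;
    size_t len;
    snprintf(out, n, "%s", arg);
    len = strlen(out);
    while (len > 1 && out[len - 1] == '/') out[--len] = '\0';
    if (stat(out, &sb) != 0 || !S_ISDIR(sb.st_mode)) strip_last(out);
    return out;
}

int main(void) {
    /* Constructed scaffolding in the current directory: base/foo is a dir. */
    const char *args[] = { "base/foo", "base/foo/", "base/newfile" };
    char a[256], b[256];
    mkdir("base", 0700);
    mkdir("base/foo", 0700);
    for (int i = 0; i < 3; i++)
        printf("%-14s textual=%-9s stat-first=%s\n", args[i],
               target_textual(args[i], a, sizeof a),
               target_stat_first(args[i], b, sizeof b));
    return 0;
}
```

The owner comparison itself is left out; the point is which directory's owner would be compared for each spelling of the argument.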