From 47707d7613f2d11cf013a533060ea1df34708492 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Fri, 29 Aug 2008 15:49:06 +0000
Subject: [PATCH] safer handling of temporary files with open_basedir (thanks
 to Thijs Kinkhorst)

---
 ChangeLog                | 1 +
 libraries/File.class.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e04f31228..33931402e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -74,6 +74,7 @@ danbarry
 + [lang] Belarusian update, thanks to Jaska Zedlik
 + [lang] Norwegian update, thanks to Sven-Erik Andersen
 + [lang] Italian update, thanks to Luca Rebellato
+- [core] safer handling of temporary files with open_basedir (thanks to Thijs Kinkhorst)
 
 2.11.9.0 (2008-08-28)
 - bug #2031221 [auth] Links to version number on login screen 
diff --git a/libraries/File.class.php b/libraries/File.class.php
index 117429f1b..b81d2de2a 100644
--- a/libraries/File.class.php
+++ b/libraries/File.class.php
@@ -543,7 +543,7 @@ class PMA_File
             return false;
         }
 
-        $new_file_to_upload = $GLOBALS['cfg']['TempDir'] . '/' . basename($this->getName());
+        $new_file_to_upload = tempnam(realpath($GLOBALS['cfg']['TempDir']), basename($this->getName()));
 
         // surpress warnings from beeing displayed, but not from beeing logged
         // any file access outside of open_basedir will issue a warning