diff --git a/ChangeLog b/ChangeLog index 68e50b980..6ed5a7cdd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -80,6 +80,7 @@ danbarry + [lang] Belarusian update, thanks to Jaska Zedlik + [lang] Norwegian update, thanks to Sven-Erik Andersen + [lang] Italian update, thanks to Luca Rebellato +- [core] safer handling of temporary files with open_basedir (thanks to Thijs Kinkhorst) 2.11.9.0 (2008-08-28) - bug #2031221 [auth] Links to version number on login screen diff --git a/libraries/File.class.php b/libraries/File.class.php index 138b841c7..da0252e7d 100644 --- a/libraries/File.class.php +++ b/libraries/File.class.php @@ -681,7 +681,7 @@ class PMA_File $tmp_filename = $GLOBALS['cfg']['UploadDir'] . '/' . $_REQUEST['fields_uploadlocal_' . $key]['multi_edit'][$primary]; $tmp_file = fopen($tmp_filename, 'r'); $tmp_file_size = filesize($tmp_filename); - + // check if fileinfo library exists if ($PMA_Config->get('FILEINFO_EXISTS')) { @@ -936,7 +936,7 @@ class PMA_File return false; } - $new_file_to_upload = $GLOBALS['cfg']['TempDir'] . '/' . basename($this->getName()); + $new_file_to_upload = tempnam(realpath($GLOBALS['cfg']['TempDir']), basename($this->getName())); // surpress warnings from beeing displayed, but not from beeing logged // any file access outside of open_basedir will issue a warning