From 8fcdad43064afb187823680022711b8d3a1bb533 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Fri, 29 Aug 2008 15:49:06 +0000
Subject: [PATCH] safer handling of temporary files with open_basedir (thanks
 to Thijs Kinkhorst)

---
 ChangeLog                | 1 +
 libraries/File.class.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 8876a93d7..3708a4e62 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
 2.11.10.0 (not yet released)
+- [core] safer handling of temporary files with open_basedir (thanks to Thijs Kinkhorst)
 
 2.11.9.0 (2008-08-28)
 - bug #2031221 [auth] Links to version number on login screen 
diff --git a/libraries/File.class.php b/libraries/File.class.php
index 9417d491d..642a2d3dd 100644
--- a/libraries/File.class.php
+++ b/libraries/File.class.php
@@ -560,7 +560,7 @@ class PMA_File
             return false;
         }
 
-        $new_file_to_upload = $GLOBALS['cfg']['TempDir'] . '/' . basename($this->getName());
+        $new_file_to_upload = tempnam(realpath($GLOBALS['cfg']['TempDir']), basename($this->getName()));
 
         // surpress warnings from beeing displayed, but not from beeing logged
         // any file access outside of open_basedir will issue a warning