diff --git a/ChangeLog b/ChangeLog
index 323d34389..65bbd2cee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -74,7 +74,10 @@ danbarry
 + [lang] Belarusian update, thanks to Jaska Zedlik
 + [lang] Norwegian update, thanks to Sven-Erik Andersen
 + [lang] Italian update, thanks to Luca Rebellato
-- [core] safer handling of temporary files with open_basedir (thanks to Thijs Kinkhorst)
+- [core] safer handling of temporary files with open_basedir (thanks to Thijs
+ Kinkhorst)
+- [core] do not automatically set and create TempDir, it might lead to secrity
+ issue (thanks to Thijs Kinkhorst)
 + [lang] Czech update
 - bug #2066923 [display] Navi browse icon does not go to page 1
 - patch #2075263 [auth] Single sign-on and cookie clearing,
diff --git a/libraries/File.class.php b/libraries/File.class.php
index eff14057a..e18b975e3 100644
--- a/libraries/File.class.php
+++ b/libraries/File.class.php
@@ -510,34 +510,7 @@ class PMA_File
 return true;
 }
- /**
- * it is not important if open_basedir is set - we just cannot read the file
- * so we try to move it
- if ('' != ini_get('open_basedir')) {
- */
-
- // check tmp dir config
- if (empty($GLOBALS['cfg']['TempDir'])) {
- $GLOBALS['cfg']['TempDir'] = 'tmp/';
- }
-
- // suppress warnings from being displayed, but not from being logged
- ob_start();
- // check tmp dir
- if (! is_dir($GLOBALS['cfg']['TempDir'])) {
- // try to create the tmp directory
- if (@mkdir($GLOBALS['cfg']['TempDir'], 0777)) {
- chmod($GLOBALS['cfg']['TempDir'], 0777);
- } else {
- // create tmp dir failed
- $this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists'];
- ob_end_clean();
- return false;
- }
- }
- ob_end_clean();
-
- if (! is_writable($GLOBALS['cfg']['TempDir'])) {
+ if (empty($GLOBALS['cfg']['TempDir']) || ! is_writable($GLOBALS['cfg']['TempDir'])) {
 // cannot create directory or access, point user to FAQ 1.11
 $this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists'];
 return false;
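Review bot: The replacement guard `empty(...) || ! is_writable(...)` in libraries/File.class.php drops the `is_dir()` test that the removed block performed, and `is_writable()` is also true for a writable regular file, so a TempDir that points at a file would presumably only fail later when the upload is moved. Consider `if (empty($GLOBALS['cfg']['TempDir']) || ! is_dir($GLOBALS['cfg']['TempDir']) || ! is_writable($GLOBALS['cfg']['TempDir'])) {`. The kept comment `// cannot create directory or access, point user to FAQ 1.11` still speaks of creating the directory; `// TempDir is never created automatically (it used to be made with mode 0777); it must be configured and writable, see FAQ 1.11` would record the security reason for the change. The enclosing method begins and ends outside the hunk.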