Fixed bug #42560: check open_basedir after the fallback to the system's temporary directory in tempnam()

[sj-i]

• https://bugs.php.net/bug.php?id=42560
• Currently, open_basedir checking is done against the passed directory name before any fallback is processed.
• With this fix open_basedir checking is done against the actual directory going to be used.
• The open_basedir checking continues to be skipped if PHP_TMP_FILE_OPEN_BASEDIR_CHECK isn't set.
• As a side effect of this fix, file uploads become to be always affected by the open_basedir checking. The current implementation seems to bypass the open_basedir checking when upload_tmp_dir is set.
• The open_basedir checking continues to be skipped if PHP_TMP_FILE_OPEN_BASEDIR_CHECK_* aren't set.
  • PHP_TMP_FILE_OPEN_BASEDIR_CHECK was originally added as a follow-up of Request #69489 #1246 , but was never used by the callers in php-src.
  • To keep the original behavior of bypassing the open_basedir check when upload_tmp_dir is explicitly set, I've introduced macros that can be used to specify whether the check should be performed, separately for fallback and explicitly specified directories.

[nikic]

Generally looks reasonable to me. @cmb69 Any thoughts on the upload_tmp_dir part? I could see an argument for just not checking open_basedir for that at all, as it's a PHP_INI_SYSTEM setting.

[cmb69]

I think that checking an explicitly set upload_tmp_dir for open_basedir should at least not be done in a revision. The docs are not super clear on that, but state:

If open_basedir is on, then the system default directory must be allowed for an upload to succeed.

So one could reasonably assume that this is not the case for explicitly set upload_tmp_dir.

[sj-i]

@nikic @cmb69
Thanks for your comments.
I've fixed it so that open_basedir is not checked if an explicit upload_tmp_dir is set.