File php-5.1.2-CVE-2007-1461.patch of Package php

--- ext/bz2/bz2.c	2007/03/06 02:10:25	1.14.2.3.2.11
+++ ext/bz2/bz2.c	2007/03/14 03:50:18	1.14.2.3.2.12
@@ -225,6 +225,10 @@
 #else
 	path_copy = path;
 #endif  
+
+	if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
+		return NULL;
+	}
 	
 	/* try and open it directly first */
 	bz_file = BZ2_bzopen(path_copy, mode);
@@ -236,7 +240,7 @@
 	
 	if (bz_file == NULL) {
 		/* that didn't work, so try and get something from the network/wrapper */
-		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
+		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
 	
 		if (stream) {
 			int fd;