From 951dcd011e9a8e366d3a68b32628eebb9c0118a8 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Fri, 24 Sep 2004 21:27:13 +0000
Subject: bug #1034216 open_basedir and file upload

---
 read_dump.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'read_dump.php')

diff --git a/read_dump.php b/read_dump.php
index f9832f1a8f..c9d1e14d96 100644
--- a/read_dump.php
+++ b/read_dump.php
@@ -76,8 +76,14 @@ if ($sql_file != 'none') {
 // loic1 : fixed a security issue
 //    if ((file_exists($sql_file) && is_uploaded_file($sql_file))
 //        || file_exists($cfg['UploadDir'] . $sql_localfile)) {
-    if (file_exists($sql_file)
-        && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
+
+    // file_exists() returns false if open_basedir is set
+    //if (file_exists($sql_file)
+    //    && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
+        
+    if ((is_uploaded_file($sql_file))
+        ||(isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile)  && file_exists($sql_file)) {
+
         $open_basedir = @ini_get('open_basedir');
 
         if (!isset($sql_file_compression)) $sql_file_compression = '';
-- 
cgit v1.2.3