File php-4.3.2-curlsafemode.patch of Package php4

--- php-4.3.2/ext/curl/curl.c.curlsafemode
+++ php-4.3.2/ext/curl/curl.c
@@ -619,6 +619,16 @@
 		WRONG_PARAM_COUNT;
 	}
 
+	if (argc > 0) {
+		char *urltmp = Z_STRVAL_PP(url);
+
+		if (strncasecmp(urltmp, "file://", 7) == 0) {
+			urltmp = strstr((urltmp+7), "/");
+			if (php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))
+				RETURN_FALSE;
+		}
+	}
+
 	alloc_curl_handle(&ch);
 
 	ch->cp = curl_easy_init();
@@ -720,7 +730,6 @@
 			convert_to_long_ex(zvalue);
 			error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
 			break;
-		case CURLOPT_URL:
 		case CURLOPT_PROXY:
 		case CURLOPT_USERPWD:
 		case CURLOPT_PROXYUSERPWD:
@@ -758,6 +767,24 @@
 
 			break;
 		}
+		case CURLOPT_URL: {
+			char *copystr = NULL;
+			char *urltmp = Z_STRVAL_PP(zvalue);
+
+			if (strncasecmp(urltmp, "file://", 7) == 0) {
+				urltmp = strstr((urltmp+7), "/");
+				if (php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))
+					RETURN_FALSE;
+			}
+
+			convert_to_string_ex(zvalue);
+			copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+
+			error = curl_easy_setopt(ch->cp, option, copystr);
+			zend_llist_add_element(&ch->to_free.str, &copystr);
+
+			break;
+		}
 		case CURLOPT_FILE:
 		case CURLOPT_INFILE: 
 		case CURLOPT_WRITEHEADER: