The long story short: this patch allows PHP to write in directories, created by itself when running in safe mode as Apache module. The chances are that you know what I'm talking about unless you happen to reach this page by mistake.
Download patch here:
http://www.titov.net/safemodepatch/phpsafemode.patch (tested on PHP 4.3.5 - 4.3.9)
http://www.titov.net/safemodepatch/phpsafemode-4.3.10.patch (PHP 4.3.10 - 4.4.1)
and than apply to PHP source (while you are in php source directory):
patch -p1 < /path/to/phpsafemode.patch
Warning: you still should chmod directories you're planing to write or create directories in with PHP (most probably to 0777), but you will be able to write in directories, created by PHP without chmod.
You only can benefit from this patch if you're server administrator. If you just have problems with safe mode on your virtual hosting, the only thing you can do is to convince the server administrator to appy this patch against PHP sorce and recompite it.
The patch respects the safe_mode_gid setting.
Description: the idea of safe_mode is that it compares UIDs (or GIDs if safe_mode_gid setting is on and UID test fails) of the executing script and the file or directory you're trying to operate on and if they are different PHP shows "safe_mode restriction in effect" stuff. When you run PHP as apache module, it runs with UID of apache and all files and directories created by PHP are with this UID, while the chances are that the scripts are with UIDs of your FTP user and that's why you cannot operate with directories created by PHP.The patch changes the PHP behavior and after initial UID comparison now safe_mode checks if the file/directory is owned by the web server's user and if so it starts to check UIDs of the parent directories until it find a directory with UID that is different that web server's one and if this UID is the same as script's one, the modified safe_mode allows you to access the file/directory, if this first non-web server UID is different that the script's one the patch pretends as no additional checks had place and leave the original code to handle the error. The idea is that if you own parent directory, and there is directory in it, created by PHP, you should be able to access this directory.
The patch was originally written for internal use in Host.bg, but later I decided to publish it under BSD license. Anyway the code is quite stable and works at Host.bg for half an year now without any problems and now there is no clients complaining about "safe_mode restriction in effect" and asking to turn it off.
Copyright (c) 2004, Anton Titov All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
you can contact me at anton@domain_of_this_page.net