mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir
is active
This commit is contained in:
parent
0465ee4006
commit
7d0ad106b4
@ -1320,6 +1320,12 @@ PHP_FUNCTION(mysqli_options)
|
||||
}
|
||||
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
|
||||
|
||||
if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
|
||||
if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
|
||||
RETURN_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
switch (Z_TYPE_PP(&mysql_value)) {
|
||||
case IS_UNICODE:
|
||||
zval_unicode_to_string(mysql_value TSRMLS_CC);
|
||||
@ -1453,9 +1459,9 @@ PHP_FUNCTION(mysqli_real_connect)
|
||||
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
|
||||
|
||||
/* remove some insecure options */
|
||||
flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
|
||||
if (PG(open_basedir) && strlen(PG(open_basedir))) {
|
||||
flags ^= CLIENT_LOCAL_FILES;
|
||||
flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
|
||||
if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
|
||||
flags &= ~CLIENT_LOCAL_FILES;
|
||||
}
|
||||
|
||||
if (!socket) {
|
||||
|
@ -476,6 +476,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
|
||||
H->emulate_prepare = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_DIRECT_QUERY, 1 TSRMLS_CC);
|
||||
H->max_buffer_size = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_MAX_BUFFER_SIZE, H->max_buffer_size TSRMLS_CC);
|
||||
|
||||
if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
|
||||
local_infile = 0;
|
||||
}
|
||||
|
||||
if (mysql_options(H->server, MYSQL_OPT_CONNECT_TIMEOUT, (const char *)&connect_timeout)) {
|
||||
pdo_mysql_error(dbh);
|
||||
goto cleanup;
|
||||
|
Loading…
Reference in New Issue
Block a user