Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir

is active

ext/mysqli/mysqli_api.c

@@ -1320,6 +1320,12 @@ PHP_FUNCTION(mysqli_options)
 	}
 	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 
+	if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+		if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+			RETURN_FALSE;
+		}
+	}
+
 	switch (Z_TYPE_PP(&mysql_value)) {
 		case IS_UNICODE:
 			zval_unicode_to_string(mysql_value TSRMLS_CC);
@@ -1453,9 +1459,9 @@ PHP_FUNCTION(mysqli_real_connect)
 	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 
 	/* remove some insecure options */
-	flags ^= CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
-	if (PG(open_basedir) && strlen(PG(open_basedir))) {
-		flags ^= CLIENT_LOCAL_FILES;
+	flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
+	if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+		flags &= ~CLIENT_LOCAL_FILES;
 	}
 
 	if (!socket) {

ext/pdo_mysql/mysql_driver.c

@@ -476,6 +476,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 		H->emulate_prepare = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_DIRECT_QUERY, 1 TSRMLS_CC);
 		H->max_buffer_size = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_MAX_BUFFER_SIZE, H->max_buffer_size TSRMLS_CC);
 
+		if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+			local_infile = 0;
+		}
+
 		if (mysql_options(H->server, MYSQL_OPT_CONNECT_TIMEOUT, (const char *)&connect_timeout)) {
 			pdo_mysql_error(dbh);
 			goto cleanup;