Merge branch 'PHP-5.6' into PHP-7.0

Conflicts: ext/mysql/php_mysql.c
2024-09-21 18:07:23 +00:00 · 2015-11-16 17:59:46 +08:00 · 2015-11-16 17:59:46 +08:00 · 9134f9e98f
commit 9134f9e98f
parent 0dce4bef79 25439e939e
9 changed files with 103 additions and 11 deletions
--- a/4
+++ b/4
@ -10,6 +10,10 @@ PHP                                                                        NEWS
  . Fixed bug #70898, #70895 (null ptr deref and segfault with crafted callable).
    (Anatol, Laruence)

+- Mysqlnd:
+  . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
+    (Laruence)
+
 - OCI8:
  . Fixed memory leak with LOBs. (Senthil)

--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@ -368,7 +368,12 @@ PHP_FUNCTION(ldap_connect)
 			}

 			url = emalloc(urllen);
-			snprintf( url, urllen, "ldap://%s:%ld", host ? host : "", port );
+			if (host && (strchr(host, ':') != NULL)) {
+				/* Legacy support for host:port */
+				snprintf( url, urllen, "ldap://%s", host );
+			} else {
+				snprintf( url, urllen, "ldap://%s:%ld", host ? host : "", port );
+			}
 		}

 #ifdef LDAP_API_FEATURE_X_OPENLDAP
--- a/ext/ldap/tests/ldap_connect_variation.phpt
+++ b/ext/ldap/tests/ldap_connect_variation.phpt
@ -28,6 +28,10 @@ var_dump($link);
 // bad hostname (connect should work, not bind)
 $link = ldap_connect("nonexistent" . $host);
 var_dump($link);
+
+// Legacy host:port syntax
+$link = ldap_connect("$host:$port");
+var_dump($link);
 ?>
 ===DONE===
 --EXPECTF--
@ -36,4 +40,5 @@ resource(%d) of type (ldap link)
 resource(%d) of type (ldap link)
 resource(%d) of type (ldap link)
 resource(%d) of type (ldap link)
+resource(%d) of type (ldap link)
 ===DONE===
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@ -1776,6 +1776,7 @@ PHP_FUNCTION(mysqli_options)
 	}
 	MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_INITIALIZED);

+#if !defined(MYSQLI_USE_MYSQLND)
 #if PHP_API_VERSION < 20100412
 	if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
 #else
@ -1785,6 +1786,7 @@ PHP_FUNCTION(mysqli_options)
 			RETURN_FALSE;
 		}
 	}
+#endif
 	expected_type = mysqli_options_get_option_zval_type(mysql_option);
 	if (expected_type != Z_TYPE_P(mysql_value)) {
 		switch (expected_type) {
--- a/ext/mysqli/mysqli_nonapi.c
+++ b/ext/mysqli/mysqli_nonapi.c
@ -118,9 +118,11 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 		flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
 		/* remove some insecure options */
 		flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
+#if !defined(MYSQLI_USE_MYSQLND)
 		if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
 			flags &= ~CLIENT_LOCAL_FILES;
 		}
+#endif
 	}

 	if (!socket_len || !socket) {
--- a/ext/mysqli/tests/bug68077.phpt
+++ b/ext/mysqli/tests/bug68077.phpt
@ -0,0 +1,70 @@
+--TEST--
+Bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+if (!$IS_MYSQLND) {
+	die("skip: test applies only to mysqlnd");
+}
+?>
+--INI--
+open_basedir={PWD}
+--FILE--
+<?php
+	require_once("connect.inc");
+
+	if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
+		printf("[001] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+	}
+
+	if (!$link->query("DROP TABLE IF EXISTS test")) {
+		printf("[002] [%d] %s\n", $link->errno, $link->error);
+	}
+
+	if (!$link->query("CREATE TABLE test (dump1 INT UNSIGNED NOT NULL PRIMARY KEY) ENGINE=" . $engine)) {
+		printf("[003] [%d] %s\n", $link->errno, $link->error);
+	}
+
+	if (FALSE == file_put_contents(__DIR__ . '/bug53503.data', "1\n2\n3\n"))
+		printf("[004] Failed to create CVS file\n");
+
+	if (!$link->query("SELECT 1 FROM DUAL"))
+		printf("[005] [%d] %s\n", $link->errno, $link->error);
+
+	if (!$link->query("LOAD DATA LOCAL INFILE '" . __DIR__  . "/bug53503.data' INTO TABLE test")) {
+		printf("[006] [%d] %s\n", $link->errno, $link->error);
+		echo "bug\n";
+	} else {
+		echo "done\n";
+	}
+
+	if (!$link->query("LOAD DATA LOCAL INFILE '../../bug53503.data' INTO TABLE test")) {
+		printf("[006] [%d] %s\n", $link->errno, $link->error);
+		echo "done\n";
+	} else {
+		echo "bug\n";
+	}
+	$link->close();
+?>
+--CLEAN--
+<?php
+require_once('connect.inc');
+
+if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
+	printf("[clean] Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
+		$host, $user, $db, $port, $socket);
+}
+
+if (!$link->query($link, 'DROP TABLE IF EXISTS test')) {
+	printf("[clean] Failed to drop old test table: [%d] %s\n", mysqli_errno($link), mysqli_error($link));
+}
+
+$link->close();
+
+unlink('bug53503.data');
+?>
+--EXPECTF--
+done
+[006] [2000] open_basedir restriction in effect. Unable to open file
+done
--- a/ext/mysqli/tests/mysqli_options_openbasedir.phpt
+++ b/ext/mysqli/tests/mysqli_options_openbasedir.phpt
@ -8,16 +8,22 @@ require_once('skipifconnectfailure.inc');
 ?>
 --FILE--
 <?php
-	require_once('connect.inc');
-	ini_set("open_basedir", __DIR__);
-	if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
-		printf("[001] Cannot connect, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+require_once('connect.inc');
+ini_set("open_basedir", __DIR__);
+if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
+	printf("[001] Cannot connect, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());

+if ($IS_MYSQLND) {
+	if (true !== mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, 1))
+		printf("[002] Can not set MYSQLI_OPT_LOCAL_INFILE although open_basedir is set!\n");
+
+} else {
 	if (false !== mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, 1))
 		printf("[002] Can set MYSQLI_OPT_LOCAL_INFILE although open_basedir is set!\n");

-	mysqli_close($link);
-	print "done!";
+}
+mysqli_close($link);
+print "done!";
 ?>
 --EXPECTF--
 done!
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@ -756,10 +756,6 @@ MYSQLND_METHOD(mysqlnd_conn_data, get_updated_connect_flags)(MYSQLND_CONN_DATA *

 	mysql_flags |= conn->options->flags; /* use the flags from set_client_option() */

-	if (PG(open_basedir) && strlen(PG(open_basedir))) {
-		mysql_flags ^= CLIENT_LOCAL_FILES;
-	}
-
 #ifndef MYSQLND_COMPRESSION_ENABLED
 	if (mysql_flags & CLIENT_COMPRESS) {
 		mysql_flags &= ~CLIENT_COMPRESS;
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@ -632,6 +632,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options)
 			goto cleanup;
 		}

+#ifndef PDO_USE_MYSQLND
 #if PHP_API_VERSION < 20100412
 		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
 #else
@ -640,6 +641,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options)
 		{
 			local_infile = 0;
 		}
+#endif
 #if defined(MYSQL_OPT_LOCAL_INFILE) || defined(PDO_USE_MYSQLND)
 		if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {
 			pdo_mysql_error(dbh);