mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir
or safe_mode is active
This commit is contained in:
parent
210f091022
commit
b925a9248b
@ -603,7 +603,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
|
||||
break;
|
||||
}
|
||||
/* disable local infile option for open_basedir */
|
||||
if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) {
|
||||
if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
|
||||
client_flags ^= CLIENT_LOCAL_FILES;
|
||||
}
|
||||
|
||||
|
@ -1289,6 +1289,12 @@ PHP_FUNCTION(mysqli_options)
|
||||
}
|
||||
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
|
||||
|
||||
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
|
||||
if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
|
||||
RETURN_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
switch (Z_TYPE_PP(&mysql_value)) {
|
||||
case IS_STRING:
|
||||
ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value));
|
||||
@ -1427,9 +1433,9 @@ PHP_FUNCTION(mysqli_real_connect)
|
||||
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
|
||||
|
||||
/* remove some insecure options */
|
||||
flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
|
||||
if (PG(open_basedir) && strlen(PG(open_basedir))) {
|
||||
flags ^= CLIENT_LOCAL_FILES;
|
||||
flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
|
||||
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
|
||||
flags &= ~CLIENT_LOCAL_FILES;
|
||||
}
|
||||
|
||||
if (!socket) {
|
||||
|
@ -492,7 +492,11 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
|
||||
pdo_mysql_error(dbh);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
||||
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
|
||||
local_infile = 0;
|
||||
}
|
||||
|
||||
if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {
|
||||
pdo_mysql_error(dbh);
|
||||
goto cleanup;
|
||||
|
Loading…
Reference in New Issue
Block a user