Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir

or safe_mode is active

ext/mysql/php_mysql.c

@@ -603,7 +603,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 				break;
 		}
 		/* disable local infile option for open_basedir */
-                if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) {
+		if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
                 	client_flags ^= CLIENT_LOCAL_FILES;
 		}
 

ext/mysqli/mysqli_api.c

@@ -1289,6 +1289,12 @@ PHP_FUNCTION(mysqli_options)
 	}
 	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 
+	if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+		if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+			RETURN_FALSE;
+		}
+	}
+
 	switch (Z_TYPE_PP(&mysql_value)) {
 		case IS_STRING:
 			ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value));
@@ -1427,9 +1433,9 @@ PHP_FUNCTION(mysqli_real_connect)
 	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 
 	/* remove some insecure options */
-	flags ^= CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
-	if (PG(open_basedir) && strlen(PG(open_basedir))) {
-		flags ^= CLIENT_LOCAL_FILES;
+	flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
+	if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+		flags &= ~CLIENT_LOCAL_FILES;
 	}
 
 	if (!socket) {

ext/pdo_mysql/mysql_driver.c

@@ -493,6 +493,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 			goto cleanup;
 		}
 
+		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+			local_infile = 0;
+		}
+
 		if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {
 			pdo_mysql_error(dbh);
 			goto cleanup;