diff options
| author | Stanislav Malyshev <stas@php.net> | 2007-06-18 21:51:32 +0000 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2007-06-18 21:51:32 +0000 |
| commit | b925a9248b11823f834a139a7af106aaea1ca087 (patch) | |
| tree | 0e36467556f8f85275c687a0c3b778344a1f15c8 | |
| parent | 210f09102202f96f5b0ef04bed6544741aaa703a (diff) | |
| download | php-git-b925a9248b11823f834a139a7af106aaea1ca087.tar.gz | |
Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir
or safe_mode is active
| -rw-r--r-- | ext/mysql/php_mysql.c | 2 | ||||
| -rw-r--r-- | ext/mysqli/mysqli_api.c | 12 | ||||
| -rwxr-xr-x | ext/pdo_mysql/mysql_driver.c | 6 |
3 files changed, 15 insertions, 5 deletions
diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c index 172249665d..35b9dc66c1 100644 --- a/ext/mysql/php_mysql.c +++ b/ext/mysql/php_mysql.c @@ -603,7 +603,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) break; } /* disable local infile option for open_basedir */ - if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) { + if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) { client_flags ^= CLIENT_LOCAL_FILES; } diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 71a7308f6a..5afd565ff5 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1289,6 +1289,12 @@ PHP_FUNCTION(mysqli_options) } MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { + if(mysql_option == MYSQL_OPT_LOCAL_INFILE) { + RETURN_FALSE; + } + } + switch (Z_TYPE_PP(&mysql_value)) { case IS_STRING: ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value)); @@ -1427,9 +1433,9 @@ PHP_FUNCTION(mysqli_real_connect) MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); /* remove some insecure options */ - flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */ - if (PG(open_basedir) && strlen(PG(open_basedir))) { - flags ^= CLIENT_LOCAL_FILES; + flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */ + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { + flags &= ~CLIENT_LOCAL_FILES; } if (!socket) { diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index 8f099e0d71..0519d585c6 100755 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c @@ -492,7 +492,11 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ pdo_mysql_error(dbh); goto cleanup; } - + + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { + local_infile = 0; + } + if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) { pdo_mysql_error(dbh); goto cleanup; |