summaryrefslogtreecommitdiff
path: root/ext/mysqli/mysqli_api.c
diff options
context:
space:
mode:
authorStanislav Malyshev <stas@php.net>2007-06-18 21:51:32 +0000
committerStanislav Malyshev <stas@php.net>2007-06-18 21:51:32 +0000
commitb925a9248b11823f834a139a7af106aaea1ca087 (patch)
tree0e36467556f8f85275c687a0c3b778344a1f15c8 /ext/mysqli/mysqli_api.c
parent210f09102202f96f5b0ef04bed6544741aaa703a (diff)
downloadphp-git-b925a9248b11823f834a139a7af106aaea1ca087.tar.gz
Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir
or safe_mode is active
Diffstat (limited to 'ext/mysqli/mysqli_api.c')
-rw-r--r--ext/mysqli/mysqli_api.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 71a7308f6a..5afd565ff5 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1289,6 +1289,12 @@ PHP_FUNCTION(mysqli_options)
}
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+ if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+ RETURN_FALSE;
+ }
+ }
+
switch (Z_TYPE_PP(&mysql_value)) {
case IS_STRING:
ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value));
@@ -1427,9 +1433,9 @@ PHP_FUNCTION(mysqli_real_connect)
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
/* remove some insecure options */
- flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
- if (PG(open_basedir) && strlen(PG(open_basedir))) {
- flags ^= CLIENT_LOCAL_FILES;
+ flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+ flags &= ~CLIENT_LOCAL_FILES;
}
if (!socket) {
View Lorry Controller Status