From 2eaabf06fc5a62104ecb597830b2852d71b0a111 Mon Sep 17 00:00:00 2001
From: Darek Slusarczyk
Date: Mon, 11 Feb 2019 17:16:49 +0100
Subject: security fix - by default 'local infile' is disabled: - set default for mysqli.allow_local_infile=0 - explicitly disable PDO::MYSQL_ATTR_LOCAL_INFILE in case of lack of driver options - add getAttribute support for PDO::MYSQL_ATTR_LOCAL_INFILE - update existing tests where needed - add new tests [checking default value and setting on] the 'local infile' in ext/mysqli and ext/pdo_mysql
---
 ext/mysqli/mysqli.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'ext/mysqli/mysqli.c')
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index 8f3446952e..fff095f081 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -524,7 +524,7 @@ PHP_INI_BEGIN()
 STD_PHP_INI_ENTRY("mysqli.default_socket", NULL, PHP_INI_ALL, OnUpdateStringUnempty, default_socket, zend_mysqli_globals, mysqli_globals)
 #endif
 STD_PHP_INI_BOOLEAN("mysqli.reconnect", "0", PHP_INI_SYSTEM, OnUpdateLong, reconnect, zend_mysqli_globals, mysqli_globals)
- STD_PHP_INI_BOOLEAN("mysqli.allow_local_infile", "1", PHP_INI_SYSTEM, OnUpdateLong, allow_local_infile, zend_mysqli_globals, mysqli_globals)
+ STD_PHP_INI_BOOLEAN("mysqli.allow_local_infile", "0", PHP_INI_SYSTEM, OnUpdateLong, allow_local_infile, zend_mysqli_globals, mysqli_globals)
 PHP_INI_END()
 /* }}} */
@@ -549,7 +549,7 @@ static PHP_GINIT_FUNCTION(mysqli)
 mysqli_globals->reconnect = 0;
 mysqli_globals->report_mode = 0;
 mysqli_globals->report_ht = 0;
- mysqli_globals->allow_local_infile = 1;
+ mysqli_globals->allow_local_infile = 0;
 #ifdef HAVE_EMBEDDED_MYSQLI
 mysqli_globals->embedded = 1;
 #else
-- 
cgit v1.2.1
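Review bot: The secure default is now spelled in two places that have to agree, the `"0"` literal in the `mysqli.allow_local_infile` INI entry in this hunk and `mysqli_globals->allow_local_infile = 0;` in the PHP_GINIT_FUNCTION hunk that follows, and neither line records why the feature is off. I would add a comment above the INI entry along the lines of `/* off by default: LOAD DATA LOCAL lets the server ask the client for files it can read; keep in sync with PHP_GINIT_FUNCTION(mysqli) */`. Since the entry is registered as PHP_INI_SYSTEM, a script cannot flip it back with ini_set(), but whether a per-connection option can still enable local infile when the setting is 0 is decided in the connect path, which this file section does not show and which is worth confirming alongside the change. Both the PHP_INI_BEGIN() table and the GINIT function body extend beyond the lines shown in their hunks.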