additional check for unsecure connect options
authorGeorg Richter <georg@php.net>
Sat, 31 May 2003 07:05:34 +0000 (07:05 +0000)
committerGeorg Richter <georg@php.net>
Sat, 31 May 2003 07:05:34 +0000 (07:05 +0000)
ext/mysqli/mysqli_api.c

index c4638ac71c33e4b96ef26dfe1a56264082392cd5..f237c960d6d2ab4ab8fb919bbfca62495192d5f3 100644 (file)
@@ -1435,6 +1435,12 @@ PHP_FUNCTION(mysqli_real_connect)
 
        MYSQLI_FETCH_RESOURCE(mysql, MYSQL *, prmysql, PR_MYSQL *, &mysql_link, "mysqli_link");
 
+       /* remove some insecure options */
+       $flags ^= CLIENT_MULTI_QUERIES;   // don't allow multi_queries via connect parameter
+       if (PG(open_basedir) && strlen(PG(open_basedir))) {
+               flags ^= CLIENT_LOCAL_FILES;
+       }
+
        if (mysql_real_connect(mysql,hostname,username,passwd,dbname,port,socket,flags) == NULL) {
                /* Save error messages */
                php_mysqli_set_error(mysql_errno(mysql), (char *)mysql_error(mysql) TSRMLS_CC);
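Review bot: The two added `^=` statements toggle the bit rather than clear it, so when the caller did not pass `CLIENT_MULTI_QUERIES` (or `CLIENT_LOCAL_FILES` with `open_basedir` set) the XOR switches that option on before `mysql_real_connect()` is called. Clearing needs a mask: `flags &= ~CLIENT_MULTI_QUERIES;` and, inside the `open_basedir` branch, `flags &= ~CLIENT_LOCAL_FILES;`. The first statement is also written against `$flags`, which is not the `flags` variable handed to `mysql_real_connect()`; depending on the compiler it either fails to build or names an undeclared identifier. PHP_FUNCTION(mysqli_real_connect) begins and ends outside the hunk, so the declaration and type of `flags` are not visible here.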