From: Jason Greene <jason@php.net>
Date: Thu, 7 Mar 2002 20:39:55 +0000 (+0000)
Subject: Disallow mysql's 'LOAD LOCAL' when safe mode is enabled
X-Git-Tag: php-4.2.0RC1~69
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=760add1c63493680cd810ea95bc3fd7f7148743b;p=php

Disallow mysql's 'LOAD LOCAL' when safe mode is enabled
---

diff --git a/ext/mysql/config.m4 b/ext/mysql/config.m4
index 5f1e268c9e..215447b1ef 100644
--- a/ext/mysql/config.m4
+++ b/ext/mysql/config.m4
@@ -41,6 +41,9 @@ PHP_ARG_WITH(mysql, for MySQL support,
 
 if test "$PHP_MYSQL" != "no"; then
   AC_DEFINE(HAVE_MYSQL, 1, [Whether you have MySQL])
+  if test "$PHP_SAFE_MODE" = "yes"; then
+     AC_DEFINE(DISALLOW_MYSQL_LOAD_LOCAL, 1, [Whether to disable load local])
+  fi
   PHP_EXTENSION(mysql,$ext_shared)
 fi
 
diff --git a/ext/mysql/libmysql/libmysql.c b/ext/mysql/libmysql/libmysql.c
index 0ffaabc852..cd8738fd0e 100644
--- a/ext/mysql/libmysql/libmysql.c
+++ b/ext/mysql/libmysql/libmysql.c
@@ -50,7 +50,11 @@ static my_bool	mysql_client_init=0;
 uint		mysql_port=0;
 my_string	mysql_unix_port=0;
 
+#ifndef DISALLOW_MYSQL_LOAD_LOCAL
 #define CLIENT_CAPABILITIES	(CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_LOCAL_FILES | CLIENT_TRANSACTIONS)
+#else 
+#define CLIENT_CAPABILITIES	(CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_TRANSACTIONS) 
+#endif 
 
 #ifdef __WIN__
 #define CONNECT_TIMEOUT 20