From: Stanislav Malyshev Date: Mon, 18 Jun 2007 21:59:05 +0000 (+0000) Subject: Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir X-Git-Tag: BEFORE_IMPORT_OF_MYSQLND~420 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7d0ad106b4950dd7b4634942127946ba5f9bedef;p=php Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir is active --- diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 848a0184f9..a7ef37c10b 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1320,6 +1320,12 @@ PHP_FUNCTION(mysqli_options) } MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); + if (PG(open_basedir) && PG(open_basedir)[0] != '\0') { + if(mysql_option == MYSQL_OPT_LOCAL_INFILE) { + RETURN_FALSE; + } + } + switch (Z_TYPE_PP(&mysql_value)) { case IS_UNICODE: zval_unicode_to_string(mysql_value TSRMLS_CC); @@ -1453,9 +1459,9 @@ PHP_FUNCTION(mysqli_real_connect) MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); /* remove some insecure options */ - flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */ - if (PG(open_basedir) && strlen(PG(open_basedir))) { - flags ^= CLIENT_LOCAL_FILES; + flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */ + if (PG(open_basedir) && PG(open_basedir)[0] != '\0') { + flags &= ~CLIENT_LOCAL_FILES; } if (!socket) { diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index bfbe74da82..760e8c2f05 100755 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c @@ -476,6 +476,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ H->emulate_prepare = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_DIRECT_QUERY, 1 TSRMLS_CC); H->max_buffer_size = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_MAX_BUFFER_SIZE, H->max_buffer_size TSRMLS_CC); + if (PG(open_basedir) && PG(open_basedir)[0] != '\0') { + local_infile = 0; + } + if (mysql_options(H->server, MYSQL_OPT_CONNECT_TIMEOUT, (const char *)&connect_timeout)) { pdo_mysql_error(dbh); goto cleanup;