From: Georg Richter
Date: Sat, 31 May 2003 07:05:34 +0000 (+0000)
Subject: additional check for unsecure connect options
X-Git-Tag: RELEASE_1_0_2~490
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=82afbdc28160a9673814f623c3af01ed077ebadd;p=php
additional check for unsecure connect options
---
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index c4638ac71c..f237c960d6 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1435,6 +1435,12 @@ PHP_FUNCTION(mysqli_real_connect)
 MYSQLI_FETCH_RESOURCE(mysql, MYSQL *, prmysql, PR_MYSQL *, &mysql_link, "mysqli_link");
+ /* remove some insecure options */
+ $flags ^= CLIENT_MULTI_QUERIES; // don't allow multi_queries via connect parameter
+ if (PG(open_basedir) && strlen(PG(open_basedir))) {
+ flags ^= CLIENT_LOCAL_FILES;
+ }
+
 if (mysql_real_connect(mysql,hostname,username,passwd,dbname,port,socket,flags) == NULL) {
 /* Save error messages */
 php_mysqli_set_error(mysql_errno(mysql), (char *)mysql_error(mysql) TSRMLS_CC);
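Review bot: The added `^=` statements toggle the option bits rather than clear them, so a caller that did not request CLIENT_MULTI_QUERIES (or CLIENT_LOCAL_FILES when open_basedir is set) gets that option switched on before mysql_real_connect() runs. Clearing needs a mask: `flags &= ~CLIENT_MULTI_QUERIES;` and, inside the open_basedir branch, `flags &= ~CLIENT_LOCAL_FILES;`. The first added statement also writes `$flags`, which is not the `flags` variable passed to mysql_real_connect() a few lines below and presumably does not compile as C. The declaration of `flags` and the rest of the function body lie outside this hunk, so its type and initial value should be checked there.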