From: Stanislav Malyshev Date: Mon, 18 Jun 2007 21:51:32 +0000 (+0000) Subject: Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir X-Git-Tag: php-5.2.4RC1~326 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b925a9248b11823f834a139a7af106aaea1ca087;p=php Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active --- diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c index 172249665d..35b9dc66c1 100644 --- a/ext/mysql/php_mysql.c +++ b/ext/mysql/php_mysql.c @@ -603,7 +603,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) break; } /* disable local infile option for open_basedir */ - if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) { + if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) { client_flags ^= CLIENT_LOCAL_FILES; } diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 71a7308f6a..5afd565ff5 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1289,6 +1289,12 @@ PHP_FUNCTION(mysqli_options) } MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { + if(mysql_option == MYSQL_OPT_LOCAL_INFILE) { + RETURN_FALSE; + } + } + switch (Z_TYPE_PP(&mysql_value)) { case IS_STRING: ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value)); @@ -1427,9 +1433,9 @@ PHP_FUNCTION(mysqli_real_connect) MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED); /* remove some insecure options */ - flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */ - if (PG(open_basedir) && strlen(PG(open_basedir))) { - flags ^= CLIENT_LOCAL_FILES; + flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */ + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { + flags &= ~CLIENT_LOCAL_FILES; } if (!socket) { diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index 8f099e0d71..0519d585c6 100755 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c @@ -492,7 +492,11 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ pdo_mysql_error(dbh); goto cleanup; } - + + if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) { + local_infile = 0; + } + if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) { pdo_mysql_error(dbh); goto cleanup;