georg Sat May 31 03:05:34 2003 EDT Modified files: /php4/ext/mysqli mysqli_api.c Log: additional check for unsecure connect options
Index: php4/ext/mysqli/mysqli_api.c
diff -u php4/ext/mysqli/mysqli_api.c:1.26 php4/ext/mysqli/mysqli_api.c:1.27
--- php4/ext/mysqli/mysqli_api.c:1.26 Sat May 3 23:15:02 2003
+++ php4/ext/mysqli/mysqli_api.c Sat May 31 03:05:34 2003
@@ -15,7 +15,7 @@
 | Author: Georg Richter <[EMAIL PROTECTED]> |
 +----------------------------------------------------------------------+
- $Id: mysqli_api.c,v 1.26 2003/05/04 03:15:02 zak Exp $
+ $Id: mysqli_api.c,v 1.27 2003/05/31 07:05:34 georg Exp $
 */
 #ifdef HAVE_CONFIG_H
@@ -1434,6 +1434,12 @@
 }
 MYSQLI_FETCH_RESOURCE(mysql, MYSQL *, prmysql, PR_MYSQL *, &mysql_link, "mysqli_link");
+
+ /* remove some insecure options */
+ $flags ^= CLIENT_MULTI_QUERIES; // don't allow multi_queries via connect parameter
+ if (PG(open_basedir) && strlen(PG(open_basedir))) {
+ flags ^= CLIENT_LOCAL_FILES;
+ }
 if (mysql_real_connect(mysql,hostname,username,passwd,dbname,port,socket,flags) == NULL) { /* Save error messages */
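Review bot: Both added mask operations in the second hunk use `^=`, which toggles the bit instead of clearing it, so a caller who did not pass CLIENT_MULTI_QUERIES gets it switched on, and CLIENT_LOCAL_FILES is likewise enabled under open_basedir whenever it was not requested. Clearing needs and-not: `flags &= ~CLIENT_MULTI_QUERIES;` and `flags &= ~CLIENT_LOCAL_FILES;`. The first statement also writes to `$flags`, while the second one and the mysql_real_connect() call use `flags`, so as shown it does not name the same variable and most likely does not compile. The enclosing function begins and ends outside the hunk, so the declaration of `flags` is not visible here.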