georg           Sat May 31 03:05:34 2003 EDT

  Modified files:              
    /php4/ext/mysqli    mysqli_api.c 
  Log:
  additional check for unsecure connect options
  
  
Index: php4/ext/mysqli/mysqli_api.c
diff -u php4/ext/mysqli/mysqli_api.c:1.26 php4/ext/mysqli/mysqli_api.c:1.27
--- php4/ext/mysqli/mysqli_api.c:1.26   Sat May  3 23:15:02 2003
+++ php4/ext/mysqli/mysqli_api.c        Sat May 31 03:05:34 2003
@@ -15,7 +15,7 @@
   | Author: Georg Richter <[EMAIL PROTECTED]>                                |
   +----------------------------------------------------------------------+
 
-  $Id: mysqli_api.c,v 1.26 2003/05/04 03:15:02 zak Exp $ 
+  $Id: mysqli_api.c,v 1.27 2003/05/31 07:05:34 georg Exp $ 
 */
 
 #ifdef HAVE_CONFIG_H
@@ -1434,6 +1434,12 @@
        }       
 
        MYSQLI_FETCH_RESOURCE(mysql, MYSQL *, prmysql, PR_MYSQL *, &mysql_link, 
"mysqli_link");
+
+       /* remove some insecure options */
+       $flags ^= CLIENT_MULTI_QUERIES;   // don't allow multi_queries via connect 
parameter
+       if (PG(open_basedir) && strlen(PG(open_basedir))) {
+               flags ^= CLIENT_LOCAL_FILES;
+       }
 
        if 
(mysql_real_connect(mysql,hostname,username,passwd,dbname,port,socket,flags) == NULL) {
                /* Save error messages */
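Review bot: Both added mask operations use `^=`, which toggles the bit instead of clearing it, so a caller who did not pass CLIENT_MULTI_QUERIES (or CLIENT_LOCAL_FILES while open_basedir is set) ends up with that option switched on rather than removed. The lines should clear the bits unconditionally: `flags &= ~CLIENT_MULTI_QUERIES;` and, inside the open_basedir check, `flags &= ~CLIENT_LOCAL_FILES;`. The first added statement is also written as `$flags`, which is not the `flags` variable later passed to mysql_real_connect() and looks like a PHP-style typo. It should read `flags`. The enclosing function starts and ends outside the hunk, so the declaration and any earlier validation of `flags` are not visible here.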


