iliaa Fri Jun 4 11:27:05 2004 EDT
Modified files: (Branch: PHP_4_3)
/php-src NEWS
/php-src/ext/mysql php_mysql.c
Log:
MFH: Fixed bug #28632 (Prevent open_basedir bypass in MySQL's LOAD DATA
LOCAL).
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.674&r2=1.1247.2.675&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.674 php-src/NEWS:1.1247.2.675
--- php-src/NEWS:1.1247.2.674 Fri Jun 4 09:49:44 2004
+++ php-src/NEWS Fri Jun 4 11:27:05 2004
@@ -1,6 +1,8 @@
PHP 4 NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2004, Version 4.3.8
+- Fixed bug #28632 (Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL).
+ (Ilia)
- Fixed bug #28627 (When multiple MySQL links are used default link is leaked).
(gavin at ipalsoftware dot com, Ilia)
http://cvs.php.net/diff.php/php-src/ext/mysql/php_mysql.c?r1=1.174.2.26&r2=1.174.2.27&ty=u
Index: php-src/ext/mysql/php_mysql.c
diff -u php-src/ext/mysql/php_mysql.c:1.174.2.26
php-src/ext/mysql/php_mysql.c:1.174.2.27
--- php-src/ext/mysql/php_mysql.c:1.174.2.26 Fri Jun 4 09:49:44 2004
+++ php-src/ext/mysql/php_mysql.c Fri Jun 4 11:27:05 2004
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_mysql.c,v 1.174.2.26 2004/06/04 13:49:44 iliaa Exp $ */
+/* $Id: php_mysql.c,v 1.174.2.27 2004/06/04 15:27:05 iliaa Exp $ */
/* TODO:
*
@@ -593,7 +593,7 @@
break;
}
/* disable local infile option for open_basedir */
- if (PG(open_basedir) && strlen(PG(open_basedir))) {
+ if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags &
CLIENT_LOCAL_FILES)) {
client_flags ^= CLIENT_LOCAL_FILES;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
