iliaa Fri Jun 4 11:27:05 2004 EDT Modified files: (Branch: PHP_4_3) /php-src NEWS /php-src/ext/mysql php_mysql.c Log: MFH: Fixed bug #28632 (Prevent open_basedir bypass in MySQL's LOAD DATA LOCAL). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.674&r2=1.1247.2.675&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.674 php-src/NEWS:1.1247.2.675 --- php-src/NEWS:1.1247.2.674 Fri Jun 4 09:49:44 2004 +++ php-src/NEWS Fri Jun 4 11:27:05 2004 @@ -1,6 +1,8 @@ PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2004, Version 4.3.8 +- Fixed bug #28632 (Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL). + (Ilia) - Fixed bug #28627 (When multiple MySQL links are used default link is leaked). (gavin at ipalsoftware dot com, Ilia) http://cvs.php.net/diff.php/php-src/ext/mysql/php_mysql.c?r1=1.174.2.26&r2=1.174.2.27&ty=u Index: php-src/ext/mysql/php_mysql.c diff -u php-src/ext/mysql/php_mysql.c:1.174.2.26 php-src/ext/mysql/php_mysql.c:1.174.2.27 --- php-src/ext/mysql/php_mysql.c:1.174.2.26 Fri Jun 4 09:49:44 2004 +++ php-src/ext/mysql/php_mysql.c Fri Jun 4 11:27:05 2004 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_mysql.c,v 1.174.2.26 2004/06/04 13:49:44 iliaa Exp $ */ +/* $Id: php_mysql.c,v 1.174.2.27 2004/06/04 15:27:05 iliaa Exp $ */ /* TODO: * @@ -593,7 +593,7 @@ break; } /* disable local infile option for open_basedir */ - if (PG(open_basedir) && strlen(PG(open_basedir))) { + if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) { client_flags ^= CLIENT_LOCAL_FILES; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php