stas Mon Jun 18 21:51:32 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/mysql php_mysql.c
/php-src/ext/mysqli mysqli_api.c
/php-src/ext/pdo_mysql mysql_driver.c
Log:
Fix INFILE LOCAL option handling with MySQL - it is now not allowed when
open_basedir or safe_mode is active
http://cvs.php.net/viewvc.cgi/php-src/ext/mysql/php_mysql.c?r1=1.213.2.6.2.13&r2=1.213.2.6.2.14&diff_format=u
Index: php-src/ext/mysql/php_mysql.c
diff -u php-src/ext/mysql/php_mysql.c:1.213.2.6.2.13
php-src/ext/mysql/php_mysql.c:1.213.2.6.2.14
--- php-src/ext/mysql/php_mysql.c:1.213.2.6.2.13 Thu Jun 7 12:17:35 2007
+++ php-src/ext/mysql/php_mysql.c Mon Jun 18 21:51:32 2007
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_mysql.c,v 1.213.2.6.2.13 2007/06/07 12:17:35 tony2001 Exp $ */
+/* $Id: php_mysql.c,v 1.213.2.6.2.14 2007/06/18 21:51:32 stas Exp $ */
/* TODO:
*
@@ -603,7 +603,7 @@
break;
}
/* disable local infile option for open_basedir */
- if (PG(open_basedir) && strlen(PG(open_basedir)) &&
(client_flags & CLIENT_LOCAL_FILES)) {
+ if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') ||
PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
client_flags ^= CLIENT_LOCAL_FILES;
}
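Review bot: The comment above the check still names only open_basedir although the condition now also covers safe_mode; it should read `/* disable local infile option for open_basedir and safe_mode */`. The same predicate, `(PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)`, is now written out here and again in the mysqli_api.c and mysql_driver.c hunks, so a shared macro would keep the three extensions from drifting apart the next time the policy changes. The `^=` on the following line is correct only because of the `& CLIENT_LOCAL_FILES` guard; `client_flags &= ~CLIENT_LOCAL_FILES;`, as used in the mysqli_api.c hunk, does not depend on it. The enclosing function starts and ends outside the hunk.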
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqli/mysqli_api.c?r1=1.118.2.22.2.11&r2=1.118.2.22.2.12&diff_format=u
Index: php-src/ext/mysqli/mysqli_api.c
diff -u php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.11
php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.12
--- php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.11 Thu Mar 8 22:49:53 2007
+++ php-src/ext/mysqli/mysqli_api.c Mon Jun 18 21:51:32 2007
@@ -15,7 +15,7 @@
| Author: Georg Richter <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
- $Id: mysqli_api.c,v 1.118.2.22.2.11 2007/03/08 22:49:53 stas Exp $
+ $Id: mysqli_api.c,v 1.118.2.22.2.12 2007/06/18 21:51:32 stas Exp $
*/
#ifdef HAVE_CONFIG_H
@@ -1289,6 +1289,12 @@
}
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link",
MYSQLI_STATUS_INITIALIZED);
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
{
+ if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+ RETURN_FALSE;
+ }
+ }
+
switch (Z_TYPE_PP(&mysql_value)) {
case IS_STRING:
ret = mysql_options(mysql->mysql, mysql_option,
Z_STRVAL_PP(&mysql_value));
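Review bot: The new guard returns FALSE for `MYSQL_OPT_LOCAL_INFILE` without any diagnostic, so a script cannot tell a policy refusal from a failed `mysql_options()` call. A warning before the return would make the refusal visible, for example `php_error_docref(NULL TSRMLS_CC, E_WARNING, "MYSQL_OPT_LOCAL_INFILE is not allowed when open_basedir or safe_mode is active");`. The check runs before the value is inspected, so a call that tries to switch local infile off is rejected too; that looks harmless but is worth a one-line comment. The enclosing function starts and ends outside the hunk.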
@@ -1427,9 +1433,9 @@
MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link",
MYSQLI_STATUS_INITIALIZED);
/* remove some insecure options */
- flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via
connect parameter */
- if (PG(open_basedir) && strlen(PG(open_basedir))) {
- flags ^= CLIENT_LOCAL_FILES;
+ flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via
connect parameter */
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
{
+ flags &= ~CLIENT_LOCAL_FILES;
}
if (!socket) {
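Review bot: Masking `CLIENT_LOCAL_FILES` out of `flags` only stops the caller from requesting it through the connect parameter. If the linked client library enables local infile by default on a fresh handle (not visible from this hunk), the connection may still accept LOAD DATA LOCAL under open_basedir or safe_mode. The pdo_mysql hunk of this commit switches the option off explicitly through `mysql_options()`; doing the same inside this guarded branch, along the lines of `my_bool off = 0; mysql_options(mysql->mysql, MYSQL_OPT_LOCAL_INFILE, (const char *)&off);`, would close that gap and keep the two extensions consistent. The function body continues outside the hunk.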
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_mysql/mysql_driver.c?r1=1.59.2.13.2.4&r2=1.59.2.13.2.5&diff_format=u
Index: php-src/ext/pdo_mysql/mysql_driver.c
diff -u php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.4
php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.5
--- php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.4 Mon Jan 1 09:36:05 2007
+++ php-src/ext/pdo_mysql/mysql_driver.c Mon Jun 18 21:51:32 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mysql_driver.c,v 1.59.2.13.2.4 2007/01/01 09:36:05 sebastian Exp $ */
+/* $Id: mysql_driver.c,v 1.59.2.13.2.5 2007/06/18 21:51:32 stas Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -492,7 +492,11 @@
pdo_mysql_error(dbh);
goto cleanup;
}
-
+
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') ||
PG(safe_mode)) {
+ local_infile = 0;
+ }
+
if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const
char *)&local_infile)) {
pdo_mysql_error(dbh);
goto cleanup;
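Review bot: The added branch forces `local_infile` to 0 with no comment and no diagnostic, so whatever value was chosen earlier in the function (presumably from a driver option, set outside this hunk) is silently discarded. A short comment would record the reason, for example `/* LOAD DATA LOCAL reads client-side files without open_basedir/safe_mode checks, so force it off */`. If the value can come from a user-supplied attribute, a warning when a non-zero request is overridden would help operators notice the policy taking effect. The enclosing function starts and ends outside the hunk.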