stas            Mon Jun 18 21:51:32 2007 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/ext/mysql  php_mysql.c 
    /php-src/ext/mysqli mysqli_api.c 
    /php-src/ext/pdo_mysql      mysql_driver.c 
  Log:
  Fix INFILE LOCAL option handling with MySQL - now not allowed when 
open_basedir
  or safe_mode is active
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/mysql/php_mysql.c?r1=1.213.2.6.2.13&r2=1.213.2.6.2.14&diff_format=u
Index: php-src/ext/mysql/php_mysql.c
diff -u php-src/ext/mysql/php_mysql.c:1.213.2.6.2.13 
php-src/ext/mysql/php_mysql.c:1.213.2.6.2.14
--- php-src/ext/mysql/php_mysql.c:1.213.2.6.2.13        Thu Jun  7 12:17:35 2007
+++ php-src/ext/mysql/php_mysql.c       Mon Jun 18 21:51:32 2007
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
  
-/* $Id: php_mysql.c,v 1.213.2.6.2.13 2007/06/07 12:17:35 tony2001 Exp $ */
+/* $Id: php_mysql.c,v 1.213.2.6.2.14 2007/06/18 21:51:32 stas Exp $ */
 
 /* TODO:
  *
@@ -603,7 +603,7 @@
                                break;
                }
                /* disable local infile option for open_basedir */
-                if (PG(open_basedir) && strlen(PG(open_basedir)) && 
(client_flags & CLIENT_LOCAL_FILES)) {
+               if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || 
PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
                        client_flags ^= CLIENT_LOCAL_FILES;
                }
 
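Review bot: Clearing `CLIENT_LOCAL_FILES` from `client_flags` only removes what the caller asked for; if the client library was built with local infile enabled by default, the handle may still honour a LOCAL INFILE request, which is what this commit is trying to rule out under open_basedir and safe_mode. I would also set `MYSQL_OPT_LOCAL_INFILE` to 0 on the handle before connecting, as the mysql_driver.c hunk does with `local_infile = 0`; the same applies to the `flags &= ~CLIENT_LOCAL_FILES` hunk in mysqli_api.c. The comment above the condition is now stale and should read `/* disable local infile option for open_basedir and safe_mode */`. The XOR that follows is correct only because the condition tests the bit first, so `client_flags &= ~CLIENT_LOCAL_FILES;` would be more robust and match mysqli_api.c. The enclosing function starts and ends outside the hunk.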
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqli/mysqli_api.c?r1=1.118.2.22.2.11&r2=1.118.2.22.2.12&diff_format=u
Index: php-src/ext/mysqli/mysqli_api.c
diff -u php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.11 
php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.12
--- php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.11     Thu Mar  8 22:49:53 2007
+++ php-src/ext/mysqli/mysqli_api.c     Mon Jun 18 21:51:32 2007
@@ -15,7 +15,7 @@
   | Author: Georg Richter <[EMAIL PROTECTED]>                                |
   +----------------------------------------------------------------------+
 
-  $Id: mysqli_api.c,v 1.118.2.22.2.11 2007/03/08 22:49:53 stas Exp $ 
+  $Id: mysqli_api.c,v 1.118.2.22.2.12 2007/06/18 21:51:32 stas Exp $ 
 */
 
 #ifdef HAVE_CONFIG_H
@@ -1289,6 +1289,12 @@
        }
        MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", 
MYSQLI_STATUS_INITIALIZED);
 
+       if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) 
{
+               if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+                       RETURN_FALSE;
+               }
+       }
+
        switch (Z_TYPE_PP(&mysql_value)) {
                case IS_STRING:
                        ret = mysql_options(mysql->mysql, mysql_option, 
Z_STRVAL_PP(&mysql_value));
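Review bot: The new guard returns FALSE for every `MYSQL_OPT_LOCAL_INFILE` call without emitting a diagnostic, so a script running under open_basedir or safe_mode sees a bare failure with no hint that policy caused it. It also rejects a call that tries to switch the option off, which is harmless and could be let through. I would add a warning before the return, e.g. `php_error_docref(NULL TSRMLS_CC, E_WARNING, "MYSQL_OPT_LOCAL_INFILE is not allowed when open_basedir or safe_mode is active");`, and fold the nested `if(mysql_option == ...)` into the outer condition. The enclosing function starts and ends outside the hunk.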
@@ -1427,9 +1433,9 @@
        MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", 
MYSQLI_STATUS_INITIALIZED);
 
        /* remove some insecure options */
-       flags ^= CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via 
connect parameter */
-       if (PG(open_basedir) && strlen(PG(open_basedir))) {
-               flags ^= CLIENT_LOCAL_FILES;
+       flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via 
connect parameter */
+       if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) 
{
+               flags &= ~CLIENT_LOCAL_FILES;
        }
 
        if (!socket) {
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_mysql/mysql_driver.c?r1=1.59.2.13.2.4&r2=1.59.2.13.2.5&diff_format=u
Index: php-src/ext/pdo_mysql/mysql_driver.c
diff -u php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.4 
php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.5
--- php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.4  Mon Jan  1 09:36:05 2007
+++ php-src/ext/pdo_mysql/mysql_driver.c        Mon Jun 18 21:51:32 2007
@@ -17,7 +17,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: mysql_driver.c,v 1.59.2.13.2.4 2007/01/01 09:36:05 sebastian Exp $ */
+/* $Id: mysql_driver.c,v 1.59.2.13.2.5 2007/06/18 21:51:32 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -492,7 +492,11 @@
                        pdo_mysql_error(dbh);
                        goto cleanup;
                }
-               
+
+               if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || 
PG(safe_mode)) {
+                       local_infile = 0;
+               }
+
                if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const 
char *)&local_infile)) {
                        pdo_mysql_error(dbh);
                        goto cleanup;
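Review bot: The override `local_infile = 0` is applied silently, so a caller that explicitly requested local infile (the value is assigned outside this hunk, presumably from the driver options) gets no indication why a later LOAD DATA LOCAL statement fails. A short comment above the new block would record the intent, e.g. `/* LOCAL INFILE reads client-side files outside the open_basedir/safe_mode checks, so force it off */`. Raising a warning when a non-zero request is overridden would make the restriction visible to the script author. The enclosing function starts and ends outside the hunk.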
