stas Mon Jun 18 21:51:32 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/mysql php_mysql.c /php-src/ext/mysqli mysqli_api.c /php-src/ext/pdo_mysql mysql_driver.c Log: Fix INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active
http://cvs.php.net/viewvc.cgi/php-src/ext/mysql/php_mysql.c?r1=1.213.2.6.2.13&r2=1.213.2.6.2.14&diff_format=u
Index: php-src/ext/mysql/php_mysql.c
diff -u php-src/ext/mysql/php_mysql.c:1.213.2.6.2.13 php-src/ext/mysql/php_mysql.c:1.213.2.6.2.14
--- php-src/ext/mysql/php_mysql.c:1.213.2.6.2.13 Thu Jun 7 12:17:35 2007
+++ php-src/ext/mysql/php_mysql.c Mon Jun 18 21:51:32 2007
@@ -18,7 +18,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: php_mysql.c,v 1.213.2.6.2.13 2007/06/07 12:17:35 tony2001 Exp $ */
+/* $Id: php_mysql.c,v 1.213.2.6.2.14 2007/06/18 21:51:32 stas Exp $ */
 /* TODO:
 *
@@ -603,7 +603,7 @@
 break;
 }
 /* disable local infile option for open_basedir */
- if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) {
+ if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
 client_flags ^= CLIENT_LOCAL_FILES;
 }
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqli/mysqli_api.c?r1=1.118.2.22.2.11&r2=1.118.2.22.2.12&diff_format=u
Index: php-src/ext/mysqli/mysqli_api.c
diff -u php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.11 php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.12
--- php-src/ext/mysqli/mysqli_api.c:1.118.2.22.2.11 Thu Mar 8 22:49:53 2007
+++ php-src/ext/mysqli/mysqli_api.c Mon Jun 18 21:51:32 2007
@@ -15,7 +15,7 @@
 | Author: Georg Richter <[EMAIL PROTECTED]> |
 +----------------------------------------------------------------------+
- $Id: mysqli_api.c,v 1.118.2.22.2.11 2007/03/08 22:49:53 stas Exp $
+ $Id: mysqli_api.c,v 1.118.2.22.2.12 2007/06/18 21:51:32 stas Exp $
 */
 #ifdef HAVE_CONFIG_H
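Review bot: In php_mysql.c's `@@ -603` hunk the restriction is enforced only by clearing `CLIENT_LOCAL_FILES` from the caller's `client_flags`; if the client library enables local infile by default (this depends on how it was built and is not visible here), the connection may still negotiate it. Consider also disabling it on the handle with `mysql_options()` and `MYSQL_OPT_LOCAL_INFILE` set to 0 before connecting, as the pdo_mysql hunk in this commit does; the same applies to the `@@ -1427` hunk in mysqli_api.c. The comment above the test is now stale and should read `/* disable local infile option for open_basedir and safe_mode */`, and the guarded `^=` could become `client_flags &= ~CLIENT_LOCAL_FILES;` to match mysqli_api.c. The enclosing function starts and ends outside the hunk.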
@@ -1289,6 +1289,12 @@
 }
 MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+ if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+ RETURN_FALSE;
+ }
+ }
+
 switch (Z_TYPE_PP(&mysql_value)) {
 case IS_STRING:
 ret = mysql_options(mysql->mysql, mysql_option, Z_STRVAL_PP(&mysql_value));
@@ -1427,9 +1433,9 @@
 MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 /* remove some insecure options */
- flags ^= CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
- if (PG(open_basedir) && strlen(PG(open_basedir))) {
- flags ^= CLIENT_LOCAL_FILES;
+ flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+ flags &= ~CLIENT_LOCAL_FILES;
 }
 if (!socket) {
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_mysql/mysql_driver.c?r1=1.59.2.13.2.4&r2=1.59.2.13.2.5&diff_format=u
Index: php-src/ext/pdo_mysql/mysql_driver.c
diff -u php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.4 php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.5
--- php-src/ext/pdo_mysql/mysql_driver.c:1.59.2.13.2.4 Mon Jan 1 09:36:05 2007
+++ php-src/ext/pdo_mysql/mysql_driver.c Mon Jun 18 21:51:32 2007
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: mysql_driver.c,v 1.59.2.13.2.4 2007/01/01 09:36:05 sebastian Exp $ */
+/* $Id: mysql_driver.c,v 1.59.2.13.2.5 2007/06/18 21:51:32 stas Exp $ */
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -492,7 +492,11 @@
 pdo_mysql_error(dbh);
 goto cleanup;
 }
-
+
+ if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
+ local_infile = 0;
+ }
+
 if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {
 pdo_mysql_error(dbh);
 goto cleanup;
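Review bot: The new check in the `@@ -1289` hunk of mysqli_api.c returns FALSE with no diagnostic, so a script cannot tell a policy refusal from any other failure of the call. Emit a warning before returning, for example `php_error_docref(NULL TSRMLS_CC, E_WARNING, "MYSQL_OPT_LOCAL_INFILE is not allowed when open_basedir or safe_mode is active");`. The check also ignores the value being set, so a request to turn local infile off is refused as well; if that is intended, a one-line comment should say so. The two nested `if`s can be merged into a single condition, and the enclosing function starts and ends outside the hunk.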
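Review bot: Nothing in the `@@ -492` hunk of mysql_driver.c records why `local_infile` is forced to 0, and the override happens silently. A comment above the test such as `/* LOAD DATA LOCAL reads files on the PHP host, so it must stay off under open_basedir/safe_mode */` would keep the reason next to the code. If `local_infile` can come from a user-supplied driver option (its assignment is outside the hunk, so this is an assumption), consider reporting that the setting was ignored rather than dropping it quietly. The enclosing function starts and ends outside the hunk.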