stas            Mon Jun 18 21:59:05 2007 UTC

  Modified files:              
    /php-src/ext/mysqli mysqli_api.c 
    /php-src/ext/pdo_mysql      mysql_driver.c 
  Log:
  Fix LOCAL INFILE option handling with MySQL - the option is now not allowed
  when open_basedir is active
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqli/mysqli_api.c?r1=1.146&r2=1.147&diff_format=u
Index: php-src/ext/mysqli/mysqli_api.c
diff -u php-src/ext/mysqli/mysqli_api.c:1.146 
php-src/ext/mysqli/mysqli_api.c:1.147
--- php-src/ext/mysqli/mysqli_api.c:1.146       Sat Apr 14 10:42:41 2007
+++ php-src/ext/mysqli/mysqli_api.c     Mon Jun 18 21:59:05 2007
@@ -15,7 +15,7 @@
   | Author: Georg Richter <[EMAIL PROTECTED]>                                |
   +----------------------------------------------------------------------+
 
-  $Id: mysqli_api.c,v 1.146 2007/04/14 10:42:41 tony2001 Exp $ 
+  $Id: mysqli_api.c,v 1.147 2007/06/18 21:59:05 stas Exp $ 
 */
 
 #ifdef HAVE_CONFIG_H
@@ -1320,6 +1320,12 @@
        }
        MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", 
MYSQLI_STATUS_INITIALIZED);
 
+       if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+               if(mysql_option == MYSQL_OPT_LOCAL_INFILE) {
+                       RETURN_FALSE;
+               }
+       }
+
        switch (Z_TYPE_PP(&mysql_value)) {
                case IS_UNICODE:
                        zval_unicode_to_string(mysql_value TSRMLS_CC);
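Review bot: The new guard returns FALSE for MYSQL_OPT_LOCAL_INFILE with no diagnostic and without looking at the value, so a script that tries to switch the option off under open_basedir fails too, and nothing tells the caller why. I would emit a warning before `RETURN_FALSE`, e.g. `php_error_docref(NULL TSRMLS_CC, E_WARNING, "MYSQL_OPT_LOCAL_INFILE is not allowed when open_basedir is active");`. A comment above the check would record the reason: `/* LOAD DATA LOCAL reads files via the client library, outside open_basedir checks */`. The enclosing function starts and ends outside this hunk, so options handled further down could not be checked from here.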
@@ -1453,9 +1459,9 @@
        MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", 
MYSQLI_STATUS_INITIALIZED);
 
        /* remove some insecure options */
-       flags ^= CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via 
connect parameter */
-       if (PG(open_basedir) && strlen(PG(open_basedir))) {
-               flags ^= CLIENT_LOCAL_FILES;
+       flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via 
connect parameter */
+       if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+               flags &= ~CLIENT_LOCAL_FILES;
        }
 
        if (!socket) {
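Review bot: Masking CLIENT_LOCAL_FILES out of `flags` only filters what the caller passed to the connect call. Whether the handle already has local-infile enabled, from the client library's build default or an earlier options call, is not visible in this hunk; if it does, the capability may still be negotiated. Consider also setting MYSQL_OPT_LOCAL_INFILE to zero on the handle with `mysql_options()` inside the same `if`, before connecting. A comment on the second mask such as `/* LOAD DATA LOCAL reads client-side files and would bypass open_basedir */` would explain why it is conditional. The function body continues outside the hunk.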
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_mysql/mysql_driver.c?r1=1.77&r2=1.78&diff_format=u
Index: php-src/ext/pdo_mysql/mysql_driver.c
diff -u php-src/ext/pdo_mysql/mysql_driver.c:1.77 
php-src/ext/pdo_mysql/mysql_driver.c:1.78
--- php-src/ext/pdo_mysql/mysql_driver.c:1.77   Mon Jan  1 09:29:28 2007
+++ php-src/ext/pdo_mysql/mysql_driver.c        Mon Jun 18 21:59:05 2007
@@ -17,7 +17,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: mysql_driver.c,v 1.77 2007/01/01 09:29:28 sebastian Exp $ */
+/* $Id: mysql_driver.c,v 1.78 2007/06/18 21:59:05 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -476,6 +476,10 @@
                H->emulate_prepare = pdo_attr_lval(driver_options, 
PDO_MYSQL_ATTR_DIRECT_QUERY, 1 TSRMLS_CC);
                H->max_buffer_size = pdo_attr_lval(driver_options, 
PDO_MYSQL_ATTR_MAX_BUFFER_SIZE, H->max_buffer_size TSRMLS_CC);
 
+               if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
+                       local_infile = 0;
+               }
+
                if (mysql_options(H->server, MYSQL_OPT_CONNECT_TIMEOUT, (const 
char *)&connect_timeout)) {
                        pdo_mysql_error(dbh);
                        goto cleanup;
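Review bot: The added `local_infile = 0;` is indented like the surrounding `pdo_attr_lval(driver_options, ...)` lines, so it appears to sit inside the block that runs only when driver options were supplied; the start of that block is outside the hunk. If that is the case, a connection opened without driver options never reaches this override and relies on the client library's default for local-infile. Enforcing the restriction outside that block, by setting MYSQL_OPT_LOCAL_INFILE to zero with `mysql_options()` whenever open_basedir is non-empty, would close that path. The override is also silent, so a comment like `/* open_basedir active: LOAD DATA LOCAL would bypass it, force off */` and a note in the user documentation would help callers who pass the attribute and see it ignored.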
