Yes, it does disable all LOAD DATA cases, including files from the server ... Be my guest to extend it. Like I said, I was writing this for a client, not for the PHP tree.
It would take a few more states in the loop to check for the LOCAL keyword... because if you notice the syntax is: LOAD DATA [LOW_PRIORITY | CONCURRENT] [LOCAL] INFILE ... but it shouldn't be to complicated. If it was to become part of the PHP tree, it should probably be a little more discriminate. :-) I am not sure if any regex functions are available to be called (that are part of the PHP base) ... but if they are, the saftey check could just try matching a (list of) regex(s). -James On Tue, 5 Feb 2002, Mats Lindh wrote: > - [EMAIL PROTECTED]% (James E. Flemer): > > This patch I think will catch all cases, unless there is > > some way that mysql can escape characters (\x44 or > > something). > > As far as i can see, this patch will disable all LOAD DATA-cases, this > will however disable a feature in MySQL for loading files that resides > ON the server. There is no reason why this shouldnt be allowed if PHP > is running in safe mode. > > LOAD DATA INFILE LOCAL .. the LOCAL part is the problem. I'd guess > that just extending it to handle this would solve the problem. > > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
