iliaa Fri Jun 4 11:26:54 2004 EDT
Modified files:
/php-src/ext/mysql php_mysql.c
Log:
Fixed bug #28632 (Prevent open_basedir bypass in MySQL's LOAD DATA LOCAL).
http://cvs.php.net/diff.php/php-src/ext/mysql/php_mysql.c?r1=1.208&r2=1.209&ty=u
Index: php-src/ext/mysql/php_mysql.c
diff -u php-src/ext/mysql/php_mysql.c:1.208 php-src/ext/mysql/php_mysql.c:1.209
--- php-src/ext/mysql/php_mysql.c:1.208 Fri Jun 4 09:49:31 2004
+++ php-src/ext/mysql/php_mysql.c Fri Jun 4 11:26:54 2004
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_mysql.c,v 1.208 2004/06/04 13:49:31 iliaa Exp $ */
+/* $Id: php_mysql.c,v 1.209 2004/06/04 15:26:54 iliaa Exp $ */
/* TODO:
*
@@ -598,6 +598,11 @@
WRONG_PARAM_COUNT;
break;
}
+ /* disable local infile option for open_basedir */
+ if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags &
CLIENT_LOCAL_FILES)) {
+ client_flags ^= CLIENT_LOCAL_FILES;
+ }
+
if (z_host) {
SEPARATE_ZVAL(z_host); /* We may modify z_host if it contains
a port, separate */
convert_to_string_ex(z_host);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
