Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction)
Actually, this can only be fixed if PHP uses mysqlnd
@@ -2,6 +2,10 @@ PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
?? ??? 2015, PHP 5.6.17
|
||||
|
||||
- Mysqlnd:
|
||||
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
|
||||
(Laruence)
|
||||
|
||||
- SOAP:
|
||||
. Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
|
||||
|
||||
|
||||
@@ -799,6 +799,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
|
||||
passwd_len = passwd? strlen(passwd):0;
|
||||
}
|
||||
|
||||
#if !defined(MYSQL_USE_MYSQLND)
|
||||
/* disable local infile option for open_basedir */
|
||||
#if PHP_API_VERSION < 20100412
|
||||
if (((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) && (client_flags & CLIENT_LOCAL_FILES)) {
|
||||
@@ -807,6 +808,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
|
||||
#endif
|
||||
client_flags ^= CLIENT_LOCAL_FILES;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CLIENT_MULTI_RESULTS
|
||||
client_flags |= CLIENT_MULTI_RESULTS; /* compatibility with 5.2, see bug#50416 */
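Review bot: The new `#if !defined(MYSQL_USE_MYSQLND)` guard in php_mysql_do_connect carries no explanation of why mysqlnd builds keep CLIENT_LOCAL_FILES under open_basedir, and its closing `#endif` sits directly after an inner `#endif`, so the pairing is easy to misread. I would put a comment above the guard, e.g. `/* libmysql only: mysqlnd is expected to apply open_basedir when it opens the local file */`, and label the close as `#endif /* !MYSQL_USE_MYSQLND */`. The same applies to the guards added in mysqli_options, mysqli_common_connect and pdo_mysql_handle_factory. For mysqlnd builds the restriction now rests entirely on that open-time check, which is not among the lines shown here, so the comment should say where it lives. The function body starts and ends outside these hunks.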
|
||||
|
||||
@@ -1824,6 +1824,7 @@ PHP_FUNCTION(mysqli_options)
|
||||
}
|
||||
MYSQLI_FETCH_RESOURCE_CONN(mysql, &mysql_link, MYSQLI_STATUS_INITIALIZED);
|
||||
|
||||
#if !defined(MYSQLI_USE_MYSQLND)
|
||||
#if PHP_API_VERSION < 20100412
|
||||
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
|
||||
#else
|
||||
@@ -1833,6 +1834,7 @@ PHP_FUNCTION(mysqli_options)
|
||||
RETURN_FALSE;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
expected_type = mysqli_options_get_option_zval_type(mysql_option);
|
||||
if (expected_type != Z_TYPE_PP(mysql_value)) {
|
||||
switch (expected_type) {
|
||||
|
||||
@@ -120,9 +120,11 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
|
||||
flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
|
||||
/* remove some insecure options */
|
||||
flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */
|
||||
#if !defined(MYSQLI_USE_MYSQLND)
|
||||
if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
|
||||
flags &= ~CLIENT_LOCAL_FILES;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!socket_len || !socket) {
|
||||
|
||||
@@ -0,0 +1,70 @@
|
||||
--TEST--
|
||||
Bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction)
|
||||
--SKIPIF--
|
||||
<?php
|
||||
require_once('skipif.inc');
|
||||
require_once('skipifconnectfailure.inc');
|
||||
if (!$IS_MYSQLND) {
|
||||
die("skip: test applies only to mysqlnd");
|
||||
}
|
||||
?>
|
||||
--INI--
|
||||
open_basedir={PWD}
|
||||
--FILE--
|
||||
<?php
|
||||
require_once("connect.inc");
|
||||
|
||||
if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
|
||||
printf("[001] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
|
||||
}
|
||||
|
||||
if (!$link->query("DROP TABLE IF EXISTS test")) {
|
||||
printf("[002] [%d] %s\n", $link->errno, $link->error);
|
||||
}
|
||||
|
||||
if (!$link->query("CREATE TABLE test (dump1 INT UNSIGNED NOT NULL PRIMARY KEY) ENGINE=" . $engine)) {
|
||||
printf("[003] [%d] %s\n", $link->errno, $link->error);
|
||||
}
|
||||
|
||||
if (FALSE == file_put_contents(__DIR__ . '/bug53503.data', "1\n2\n3\n"))
|
||||
printf("[004] Failed to create CVS file\n");
|
||||
|
||||
if (!$link->query("SELECT 1 FROM DUAL"))
|
||||
printf("[005] [%d] %s\n", $link->errno, $link->error);
|
||||
|
||||
if (!$link->query("LOAD DATA LOCAL INFILE '" . __DIR__ . "/bug53503.data' INTO TABLE test")) {
|
||||
printf("[006] [%d] %s\n", $link->errno, $link->error);
|
||||
echo "bug\n";
|
||||
} else {
|
||||
echo "done\n";
|
||||
}
|
||||
|
||||
if (!$link->query("LOAD DATA LOCAL INFILE '../../bug53503.data' INTO TABLE test")) {
|
||||
printf("[006] [%d] %s\n", $link->errno, $link->error);
|
||||
echo "done\n";
|
||||
} else {
|
||||
echo "bug\n";
|
||||
}
|
||||
$link->close();
|
||||
?>
|
||||
--CLEAN--
|
||||
<?php
|
||||
require_once('connect.inc');
|
||||
|
||||
if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
|
||||
printf("[clean] Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
|
||||
$host, $user, $db, $port, $socket);
|
||||
}
|
||||
|
||||
if (!$link->query($link, 'DROP TABLE IF EXISTS test')) {
|
||||
printf("[clean] Failed to drop old test table: [%d] %s\n", mysqli_errno($link), mysqli_error($link));
|
||||
}
|
||||
|
||||
$link->close();
|
||||
|
||||
unlink('bug53503.data');
|
||||
?>
|
||||
--EXPECTF--
|
||||
done
|
||||
[006] [2000] open_basedir restriction in effect. Unable to open file
|
||||
done
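Review bot: In the --CLEAN-- section, `$link->query($link, 'DROP TABLE IF EXISTS test')` passes the connection object as the query argument of the object-style call, so the table is not dropped; it should be `$link->query('DROP TABLE IF EXISTS test')`. The data file is created as `__DIR__ . '/bug53503.data'` but removed with the relative `unlink('bug53503.data')`, and its name belongs to a different bug number, so a test-specific name such as `bug68077.data`, removed via `__DIR__`, avoids clashes between tests. The rejection case uses a relative path to a file the test never creates; a case with an existing file outside open_basedir would show more clearly that the refusal comes from the restriction and not from a missing file.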
|
||||
@@ -8,16 +8,22 @@ require_once('skipifconnectfailure.inc');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('connect.inc');
|
||||
ini_set("open_basedir", __DIR__);
|
||||
if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
|
||||
printf("[001] Cannot connect, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
|
||||
require_once('connect.inc');
|
||||
ini_set("open_basedir", __DIR__);
|
||||
if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
|
||||
printf("[001] Cannot connect, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
|
||||
|
||||
if ($IS_MYSQLND) {
|
||||
if (true !== mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, 1))
|
||||
printf("[002] Can not set MYSQLI_OPT_LOCAL_INFILE although open_basedir is set!\n");
|
||||
|
||||
} else {
|
||||
if (false !== mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, 1))
|
||||
printf("[002] Can set MYSQLI_OPT_LOCAL_INFILE although open_basedir is set!\n");
|
||||
|
||||
mysqli_close($link);
|
||||
print "done!";
|
||||
}
|
||||
mysqli_close($link);
|
||||
print "done!";
|
||||
?>
|
||||
--EXPECTF--
|
||||
done!
|
||||
|
||||
@@ -759,10 +759,6 @@ MYSQLND_METHOD(mysqlnd_conn_data, get_updated_connect_flags)(MYSQLND_CONN_DATA *
|
||||
|
||||
mysql_flags |= conn->options->flags; /* use the flags from set_client_option() */
|
||||
|
||||
if (PG(open_basedir) && strlen(PG(open_basedir))) {
|
||||
mysql_flags ^= CLIENT_LOCAL_FILES;
|
||||
}
|
||||
|
||||
#ifndef MYSQLND_COMPRESSION_ENABLED
|
||||
if (mysql_flags & CLIENT_COMPRESS) {
|
||||
mysql_flags &= ~CLIENT_COMPRESS;
|
||||
|
||||
@@ -629,6 +629,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#ifndef PDO_USE_MYSQLND
|
||||
#if PHP_API_VERSION < 20100412
|
||||
if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
|
||||
#else
|
||||
@@ -637,6 +638,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
|
||||
{
|
||||
local_infile = 0;
|
||||
}
|
||||
#endif
|
||||
#if defined(MYSQL_OPT_LOCAL_INFILE) || defined(PDO_USE_MYSQLND)
|
||||
if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {
|
||||
pdo_mysql_error(dbh);
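Review bot: Nothing in this commit tests the `#ifndef PDO_USE_MYSQLND` path added to pdo_mysql_handle_factory: both test files shown connect through mysqli, so the PDO behaviour with mysqlnd and open_basedir set is unverified. With the guard, a mysqlnd build no longer forces `local_infile = 0` before the `mysql_options()` call, so a pdo_mysql test that sets `PDO::MYSQL_ATTR_LOCAL_INFILE` under open_basedir and expects a path outside the base directory to be refused would cover it. The same gap exists for the guard added in php_mysql_do_connect. The function continues outside these hunks.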
|
||||
|
||||