diff options
Diffstat (limited to 'sql/item_strfunc.cc')
| -rw-r--r-- | sql/item_strfunc.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index f98a14d2cc6..6897ffda56a 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -2767,6 +2767,11 @@ String *Item_load_file::val_str(String *str) (void) fn_format(path, file_name->c_ptr(), mysql_real_data_home, "", MY_RELATIVE_PATH | MY_UNPACK_FILENAME); + /* Read only allowed from within dir specified by secure_file_priv */ + if (opt_secure_file_priv && + strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv))) + goto err; + if (!my_stat(path, &stat_info, MYF(0))) goto err; |