author | Georg Richter <georg@php.net> | 2003-05-31 07:05:34 +0000 |
---|---|---|
committer | Georg Richter <georg@php.net> | 2003-05-31 07:05:34 +0000 |
commit | 82afbdc28160a9673814f623c3af01ed077ebadd (patch) | |
tree | 9b34d5b26d7a0aa2041e858a6514bbbf7bab1398 | |
parent | 8b158fa15fd044c49b9ade8cc4cc5c387fa7aaa0 (diff) | |
download | php-git-82afbdc28160a9673814f623c3af01ed077ebadd.tar.gz |
additional check for unsecure connect options
-rw-r--r-- | ext/mysqli/mysqli_api.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index c4638ac71c..f237c960d6 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1435,6 +1435,12 @@ PHP_FUNCTION(mysqli_real_connect)
 MYSQLI_FETCH_RESOURCE(mysql, MYSQL *, prmysql, PR_MYSQL *, &mysql_link, "mysqli_link");
+ /* remove some insecure options */
+ $flags ^= CLIENT_MULTI_QUERIES; // don't allow multi_queries via connect parameter
+ if (PG(open_basedir) && strlen(PG(open_basedir))) {
+ flags ^= CLIENT_LOCAL_FILES;
+ }
+
 if (mysql_real_connect(mysql,hostname,username,passwd,dbname,port,socket,flags) == NULL) {
 /* Save error messages */
 php_mysqli_set_error(mysql_errno(mysql), (char *)mysql_error(mysql) TSRMLS_CC); |
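Review bot: Both added `^=` statements toggle the flag bit instead of clearing it, so a caller that did not pass CLIENT_MULTI_QUERIES gets it switched on, and with open_basedir set a caller that did not pass CLIENT_LOCAL_FILES gets it switched on; only callers that set the bits have them removed. Clearing needs a mask: `flags &= ~CLIENT_MULTI_QUERIES;` and, inside the open_basedir branch, `flags &= ~CLIENT_LOCAL_FILES;`. The first added statement is also written `$flags`, which is not the `flags` variable handed to mysql_real_connect() a few lines below and should be `flags`. The trailing `//` comment would be more portable as `/* don't allow multi_queries via connect parameter */`, matching the block comment above it. The body of PHP_FUNCTION(mysqli_real_connect) starts and ends outside this hunk, so whether `flags` is adjusted elsewhere cannot be seen from here.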