diff options
author | Darek Slusarczyk <dariusz.slusarczyk@oracle.com> | 2021-02-22 11:03:24 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-23 09:30:46 +0100 |
commit | da011a312a6c6cd7ff12fe1aa0de1e33fba2f167 (patch) | |
tree | c3e37dadfa5ea7aec39ca3695779fe30c7bd96f6 /ext/pdo_mysql/tests/pdo_mysql_local_infile_directory_denied.phpt | |
parent | 7f8ea83ef438fbcfa1cbc636d701491d4e773245 (diff) | |
download | php-git-da011a312a6c6cd7ff12fe1aa0de1e33fba2f167.tar.gz |
Fix #80329: Add option to specify LOAD DATA LOCAL white list folder
* allow the user to specify a folder where files that can be sent
via LOAD DATA LOCAL can exist
* add mysqli.local_infile_directory for mysqli
(ignored if mysqli.allow_local_infile is enabled)
* add PDO::MYSQL_ATTR_LOCAL_INFILE_DIRECTORY for pdo_mysql
(ignored if PDO::MYSQL_ATTR_LOCAL_INFILE is enabled)
* add related tests
* fixes for building with libmysql 8.x
* small improvement in existing tests
* update php.ini-[development|production] files
Closes GH-6448.
Co-authored-by: Nikita Popov <nikic@php.net>
Diffstat (limited to 'ext/pdo_mysql/tests/pdo_mysql_local_infile_directory_denied.phpt')
-rw-r--r-- | ext/pdo_mysql/tests/pdo_mysql_local_infile_directory_denied.phpt | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/ext/pdo_mysql/tests/pdo_mysql_local_infile_directory_denied.phpt b/ext/pdo_mysql/tests/pdo_mysql_local_infile_directory_denied.phpt new file mode 100644 index 0000000000..c955c1daad --- /dev/null +++ b/ext/pdo_mysql/tests/pdo_mysql_local_infile_directory_denied.phpt @@ -0,0 +1,76 @@ +--TEST-- +PDO::MYSQL_ATTR_LOCAL_INFILE_DIRECTORY vs access denied +--SKIPIF-- +<?php +require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc'); +require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc'); +MySQLPDOTest::skip(); +require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipifinfilenotallowed.inc'); +if (!defined('PDO::MYSQL_ATTR_LOCAL_INFILE_DIRECTORY')) { + die("skip No MYSQL_ATTR_LOCAL_INFILE_DIRECTORY support"); +} +?> +--FILE-- +<?php + function exec_and_count($offset, &$db, $sql, $exp) { + try { + $ret = $db->exec($sql); + if ($ret !== $exp) { + printf("[%03d] Expecting '%s'/%s got '%s'/%s when running '%s', [%s] %s\n", + $offset, $exp, gettype($exp), $ret, gettype($ret), $sql, + $db->errorCode(), implode(' ', $db->errorInfo())); + return false; + } + } catch (PDOException $e) { + printf("[%03d] '%s' has failed, [%s] %s\n", + $offset, $sql, $db->errorCode(), implode(' ', $db->errorInfo())); + return false; + } + + return true; + } + + require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc'); + putenv('PDOTEST_ATTR='.serialize([ + PDO::MYSQL_ATTR_LOCAL_INFILE=>false, + PDO::MYSQL_ATTR_LOCAL_INFILE_DIRECTORY=>__DIR__."/foo/bar" + ])); + $db = MySQLPDOTest::factory(); + MySQLPDOTest::createTestTable($db, MySQLPDOTest::detect_transactional_mysql_engine($db)); + + try { + exec_and_count(1, $db, 'DROP TABLE IF EXISTS test', 0); + exec_and_count(2, $db, sprintf('CREATE TABLE test(id INT NOT NULL PRIMARY KEY, col1 CHAR(10)) ENGINE=%s', PDO_MYSQL_TEST_ENGINE), 0); + + $filepath = str_replace('\\', '/', __DIR__.'/foo/foo.data'); + + $sql = sprintf("LOAD DATA LOCAL INFILE %s INTO TABLE test FIELDS TERMINATED BY ';' LINES TERMINATED BY '\n'", $db->quote($filepath)); + if (exec_and_count(3, $db, $sql, false)) { + $stmt = $db->query('SELECT id, col1 FROM test ORDER BY id ASC'); + $expected = array(); + $ret = $stmt->fetchAll(PDO::FETCH_ASSOC); + if ($ret != $expected) { + printf("Results seem wrong, check manually\n"); + echo "------ EXPECTED OUTPUT ------\n"; + var_dump($expected); + echo "------ ACTUAL OUTPUT ------\n"; + var_dump($ret); + } + } + } catch (PDOException $e) { + printf("[001] %s, [%s] %s\n", + $e->getMessage(), + $db->errorCode(), implode(' ', $db->errorInfo())); + } + + print "done!"; +?> +--CLEAN-- +<?php +require dirname(__FILE__) . '/mysql_pdo_test.inc'; +$db = MySQLPDOTest::factory(); +$db->exec('DROP TABLE IF EXISTS test'); +?> +--EXPECTF-- +Warning: PDO::exec(): SQLSTATE[HY000]: General error: 2068 LOAD DATA LOCAL INFILE %s in %s on line %d +done! |