summaryrefslogtreecommitdiff
path: root/ext/mysqli/mysqli_api.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/mysqli/mysqli_api.c')
-rw-r--r--ext/mysqli/mysqli_api.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index c4638ac71c..f237c960d6 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1435,6 +1435,12 @@ PHP_FUNCTION(mysqli_real_connect)
MYSQLI_FETCH_RESOURCE(mysql, MYSQL *, prmysql, PR_MYSQL *, &mysql_link, "mysqli_link");
+ /* remove some insecure options */
+ $flags ^= CLIENT_MULTI_QUERIES; // don't allow multi_queries via connect parameter
+ if (PG(open_basedir) && strlen(PG(open_basedir))) {
+ flags ^= CLIENT_LOCAL_FILES;
+ }
+
if (mysql_real_connect(mysql,hostname,username,passwd,dbname,port,socket,flags) == NULL) {
/* Save error messages */
php_mysqli_set_error(mysql_errno(mysql), (char *)mysql_error(mysql) TSRMLS_CC);
View Lorry Controller Status