[Phpmyadmin-devel] [Patch] Allow for "LOAD DATA INFILE" when using the PHP-bundled mysql client

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Mon Sep 20 18:38:23 CEST 2004


Matthias,

I merged this:

if (PMA_MYSQL_CLIENT_API >= 32349) {
         $client_flags = $cfg['Server']['compress'] && 
defined('MYSQL_CLIENT_COMPRESS') ? MYSQL_CLIENT_COMPRESS : 0;
         // always use CLIENT_LOCAL_FILES as defined in mysql_com.h
         // for the case where the client library was not compiled
         // with --enable-local-infile
         $client_flags |= 128;
     }

IMO there was no typo (COMPRESS was working). "ORing" a new variable 
with 32 or setting it to 32 makes no difference.

Marc

Matthias Pigulla wrote:
> Hi all,
> 
> I hope this is the right place and right way to submit this patch?
> 
> As you probably know, MySQL has disabled the "LOCAL" option for "LOAD
> DATA INFILE" statements for security reasons as of MySQL 3.23.49. To be
> able to use "LOAD DATA LOCAL", you will have to add 
> 
> local-infile    = 1
> 
> to both you server's and client's my.cnf files. (Please be aware of the
> security implications!)
> 
> However, when using the mysql client bundled with PHP, these settings
> don't apply. Instead, you will have to pass the appropriate flag as an
> extra parameter to mysql_connect.
> 
> This patch adds a new config directive
> $cfg['Servers'][..]['infile_local'] = (TRUE | FALSE). Setting it to
> "TRUE" enables the mysql client bundled with PHP to use "LOAD DATA
> LOCAL" for this connection. 
> 
> Without having tested it, you should be able to use LOAD DATA LOCAL
> without setting this option if you compiled PHP with
> --with-mysql=/path/to/mysql (thus you did not use the client bundled
> with PHP) and setup my.cnf correctly.
> 
> Even when passing the additional parameter to mysql_(p)connect, the use
> of open_basedir may restrict its usage.
> 
> Besides that, there was a typo in mysql.dbi.lib.php that prevented
> passing the $client_flags to mysql_(p)connect at all; so far, that
> should have broken the use of MYSQL_CLIENT_COMPRESS.
> 
> Best regards,
> Matthias
> 
> 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> diff -ru phpMyAdmin-2.6.0-rc2/config.inc.php www/config.inc.php
> --- phpMyAdmin-2.6.0-rc2/config.inc.php	Sat Sep  4 15:40:11 2004
> +++ www/config.inc.php	Mon Sep 20 12:09:00 2004
> @@ -71,6 +71,7 @@
>  $cfg['Servers'][$i]['socket']        = '';          // Path to the socket - leave blank for default socket
>  $cfg['Servers'][$i]['connect_type']  = 'tcp';       // How to connect to MySQL server ('tcp' or 'socket')
>  $cfg['Servers'][$i]['extension']     = 'mysql';     // The php MySQL extension to use ('mysql' or 'mysqli')
> +$cfg['Servers'][$i]['infile_local']  = TRUE;        // Upon mysql_connect, set client flag to allow for 'LOAD DATA LOCAL INFILE'
>  $cfg['Servers'][$i]['compress']      = FALSE;       // Use compressed protocol for the MySQL connection
>                                                      // (requires PHP >= 4.3.0)
>  $cfg['Servers'][$i]['controluser']   = '';          // MySQL control user settings
> 
> diff -ru phpMyAdmin-2.6.0-rc2/libraries/dbi/mysql.dbi.lib.php www/libraries/dbi/mysql.dbi.lib.php
> --- phpMyAdmin-2.6.0-rc2/libraries/dbi/mysql.dbi.lib.php        Sun Jul 18 00:58:31 2004
> +++ www/libraries/dbi/mysql.dbi.lib.php Mon Sep 20 12:05:19 2004
> @@ -47,11 +47,14 @@
>                     ? ''
>                     : ':' . $cfg['Server']['socket'];
>  
> +       $client_flags = 0;
>      if (PMA_MYSQL_CLIENT_API >= 32349) {
> -        $client_flags = $cfg['Server']['compress'] && defined('MYSQL_CLIENT_COMPRESS') ? MYSQL_CLIENT_COMPRESS : 0;
> +        $client_flags |= $cfg['Server']['compress'] && defined('MYSQL_CLIENT_COMPRESS') ? MYSQL_CLIENT_COMPRESS : 0;
> +        $client_flags |= $cfg['Server']['infile_local'] ? 128 : 0; /* CLIENT_LOCAL_FILES as defined in PHP's /ext/mysql/libmysql/mysql_com.h */
>      }
>  
> -    if (empty($client_clags)) {
> +
> +    if (empty($client_flags)) {
>          $connect_func = 'mysql_' . ($cfg['PersistentConnections'] ? 'p' : '') . 'connect';
>          $link = @$connect_func($cfg['Server']['host'] . $server_port . $server_socket, $user, $password);
>      } else {





More information about the Developers mailing list