[phpMyAdmin Git] [phpmyadmin/phpmyadmin] aeac90: Deny using mysql extension with mysql.allow_local_infile
Michal Čihař
michal at cihar.com
Mon Jan 21 19:30:29 CET 2019
Branch: refs/heads/QA_4_8
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: aeac90623e525057a7672ab3d98154b5c57c15ec
https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
Author: Michal Čihař <michal at cihar.com>
Date: 2019-01-20 (Sun, 01 January 2019) +01:00
Changed paths:
M libraries/classes/Dbi/DbiMysql.php
Log Message:
-----------
Deny using mysql extension with mysql.allow_local_infile
This allows reading arbitrary files on the server without any way to
disable.
Signed-off-by: Michal Čihař <michal at cihar.com>
Commit: c5e01f84ad48c5c626001cb92d7a95500920a900
https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
Author: Jakub Vrana <jakub at vrana.cz>
Date: 2019-01-21 (Mon, 01 January 2019) +01:00
Changed paths:
M libraries/classes/Dbi/DbiMysqli.php
Log Message:
-----------
Actually set MYSQLI_OPT_LOCAL_INFILE
1e6b740e tried to set this but failed due to https://bugs.php.net/77496
and nobody probably ever tested it.
Tested: Executed `LOAD DATA LOCAL INFILE 'README' INTO TABLE text(text)`
SQL command successfully before, unsuceesfully after.
Signed-off-by: Jakub Vrana <jakub at vrana.cz>
Commit: 828f740158e7bf14aa4a7473c5968d06364e03a2
https://github.com/phpmyadmin/phpmyadmin/commit/828f740158e7bf14aa4a7473c5968d06364e03a2
Author: Michal Čihař <michal at cihar.com>
Date: 2019-01-21 (Mon, 01 January 2019) +01:00
Changed paths:
M libraries/classes/Dbi/DbiMysql.php
Log Message:
-----------
Merge branch 'allow_local_infile' into QA_4_8
More information about the Git
mailing list