makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security/247] Disable loading of local files on client side

Browse source 
SECURITY-247
This commit is contained in:
Marc Alexander 2019-08-11 21:31:59 +02:00
parent 0a5d167441
commit 4555817a8b
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
phpBB/phpbb/db/driver/mysqli.php
View file

@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
if ($this->db_connect_id && $this->dbname != '') if ($this->db_connect_id && $this->dbname != '')
{ {
// Disable loading local files on client side
@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
// enforce strict mode on databases that support it // enforce strict mode on databases that support it