Changeset View
Changeset View
Standalone View
Standalone View
src/applications/config/check/PhabricatorMySQLSetupCheck.php
| Show First 20 Lines • Show All 376 Lines • ▼ Show 20 Lines | if ($delta > 60) { | ||||
| 'current time by more than 60 seconds (absolute skew is %s '. | 'current time by more than 60 seconds (absolute skew is %s '. | ||||
| 'seconds). Check that the current time is set correctly '. | 'seconds). Check that the current time is set correctly '. | ||||
| 'everywhere.', | 'everywhere.', | ||||
| $host_name, | $host_name, | ||||
| php_uname('n'), | php_uname('n'), | ||||
| new PhutilNumber($delta))); | new PhutilNumber($delta))); | ||||
| } | } | ||||
| $local_infile = $ref->loadRawMySQLConfigValue('local_infile'); | |||||
| if ($local_infile) { | |||||
| $summary = pht( | |||||
| 'The MySQL "local_infile" option is enabled. This option is '. | |||||
| 'unsafe.'); | |||||
| $message = pht( | |||||
| 'Your MySQL server is configured with the "local_infile" option '. | |||||
| 'enabled. This option allows an attacker who finds an SQL injection '. | |||||
| 'hole to escalate their attack by copying files from the webserver '. | |||||
| 'into the database with "LOAD DATA LOCAL INFILE" queries, then '. | |||||
| 'reading the file content with "SELECT" queries.'. | |||||
| "\n\n". | |||||
| 'You should disable this option in your %s file, in the %s section:'. | |||||
| "\n\n". | |||||
| '%s', | |||||
| phutil_tag('tt', array(), 'my.cnf'), | |||||
| phutil_tag('tt', array(), '[mysqld]'), | |||||
| phutil_tag('pre', array(), 'local_infile=0')); | |||||
| $this->newIssue('mysql.local_infile') | |||||
| ->setName(pht('Unsafe MySQL "local_infile" Setting Enabled')) | |||||
| ->setSummary($summary) | |||||
| ->setMessage($message) | |||||
| ->setDatabaseRef($ref) | |||||
| ->addMySQLConfig('local_infile'); | |||||
| } | |||||
| } | } | ||||
| protected function shouldUseMySQLSearchEngine() { | protected function shouldUseMySQLSearchEngine() { | ||||
| $services = PhabricatorSearchService::getAllServices(); | $services = PhabricatorSearchService::getAllServices(); | ||||
| foreach ($services as $service) { | foreach ($services as $service) { | ||||
| if ($service instanceof PhabricatorMySQLSearchHost) { | if ($service instanceof PhabricatorMySQLSearchHost) { | ||||
| return true; | return true; | ||||
| } | } | ||||
| } | } | ||||
| return false; | return false; | ||||
| } | } | ||||
| } | } | ||||