Changeset View
Changeset View
Standalone View
Standalone View
src/applications/config/check/PhabricatorPHPConfigSetupCheck.php
| Show First 20 Lines • Show All 106 Lines • ▼ Show 20 Lines | if (!extension_loaded('mysqli')) { | ||||
| $this->newIssue('php.myqlnd') | $this->newIssue('php.myqlnd') | ||||
| ->setName(pht('MySQL Native Driver Not Available')) | ->setName(pht('MySQL Native Driver Not Available')) | ||||
| ->setSummary($summary) | ->setSummary($summary) | ||||
| ->setMessage($message); | ->setMessage($message); | ||||
| } | } | ||||
| if (extension_loaded('mysqli')) { | |||||
| $infile_key = 'mysqli.allow_local_infile'; | |||||
| } else { | |||||
| $infile_key = 'mysql.allow_local_infile'; | |||||
| } | |||||
| if (ini_get($infile_key)) { | |||||
| $summary = pht( | |||||
| 'Disable unsafe option "%s" in PHP configuration.', | |||||
| $infile_key); | |||||
| $message = pht( | |||||
| 'PHP is currently configured to honor requests from any MySQL server '. | |||||
| 'it connects to for the content of any local file.'. | |||||
| "\n\n". | |||||
| 'This capability supports MySQL "LOAD DATA LOCAL INFILE" queries, but '. | |||||
| 'allows a malicious MySQL server read access to the local disk: the '. | |||||
| 'server can ask the client to send the content of any local file, '. | |||||
| 'and the client will comply.'. | |||||
| "\n\n". | |||||
| 'Although it is normally difficult for an attacker to convince '. | |||||
| 'Phabricator to connect to a malicious MySQL server, you should '. | |||||
| 'disable this option: this capability is unnecessary and inherently '. | |||||
| 'dangerous.'. | |||||
| "\n\n". | |||||
| 'To disable this option, set: %s', | |||||
| phutil_tag('tt', array(), pht('%s = 0', $infile_key))); | |||||
| $this->newIssue('php.'.$infile_key) | |||||
| ->setName(pht('Unsafe PHP "Local Infile" Configuration')) | |||||
| ->setSummary($summary) | |||||
| ->setMessage($message) | |||||
| ->addPHPConfig($infile_key); | |||||
| } | |||||
| } | } | ||||
| } | } | ||||