Differential D20004 Diff 47766 src/aphront/storage/connection/mysql/AphrontMySQLiDatabaseConnection.php
src/aphront/storage/connection/mysql/AphrontMySQLiDatabaseConnection.php
protected function connect() { | ||||
$conn = mysqli_init(); | $conn = mysqli_init(); | ||||
$timeout = $this->getConfiguration('timeout'); | $timeout = $this->getConfiguration('timeout'); | ||||
if ($timeout) { | if ($timeout) { | ||||
$conn->options(MYSQLI_OPT_CONNECT_TIMEOUT, $timeout); | $conn->options(MYSQLI_OPT_CONNECT_TIMEOUT, $timeout); | ||||
} | } | ||||
// See T13238. Attempt to prevent "LOAD DATA LOCAL INFILE", which allows a | |||||
// malicious server to ask the client for any file. | |||||
// NOTE: See T13238. This option does not appear to ever have any effect. | |||||
// Only the PHP level configuration of "mysqli.allow_local_infile" is | |||||
// effective in preventing "LOAD DATA LOCAL INFILE". It appears that the | |||||
// configuration option may overwrite the local option? Set the local | |||||
// option to the desired (safe) value anyway in case this starts working | |||||
// properly in some future version of PHP/MySQLi. | |||||
$conn->options(MYSQLI_OPT_LOCAL_INFILE, 0); | |||||
if ($this->getPersistent()) { | if ($this->getPersistent()) { | ||||
$host = 'p:'.$host; | $host = 'p:'.$host; | ||||
} | } | ||||
@$conn->real_connect( | @$conn->real_connect( | ||||
$host, | $host, | ||||
$user, | $user, | ||||
$pass, | $pass, | ||||
$database, | $database, | ||||
$port); | $port); | ||||
$errno = $conn->connect_errno; | $errno = $conn->connect_errno; | ||||
if ($errno) { | if ($errno) { | ||||
$error = $conn->connect_error; | $error = $conn->connect_error; | ||||
$this->throwConnectionException($errno, $error, $user, $host); | $this->throwConnectionException($errno, $error, $user, $host); | ||||
} | } | ||||
// See T13238. Attempt to prevent "LOAD DATA LOCAL INFILE", which allows a | |||||
// malicious server to ask the client for any file. At time of writing, | |||||
// this option MUST be set after "real_connect()" on all PHP versions. | |||||
$conn->options(MYSQLI_OPT_LOCAL_INFILE, 0); | |||||
$this->connectionOpen = true; | $this->connectionOpen = true; | ||||
$ok = @$conn->set_charset('utf8mb4'); | $ok = @$conn->set_charset('utf8mb4'); | ||||
if (!$ok) { | if (!$ok) { | ||||
$ok = $conn->set_charset('binary'); | $ok = $conn->set_charset('binary'); | ||||
} | } | ||||
return $conn; | return $conn; | ||||
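Review bot: The result of `$conn->options(MYSQLI_OPT_LOCAL_INFILE, 0)` is discarded at both places it appears in connect() (before and after `real_connect()`), so a failure to apply the option passes silently. The comment in this section says only the PHP-level `mysqli.allow_local_infile` setting is effective, so protection against a server requesting local files depends entirely on php.ini, and nothing in the visible lines reads that setting. I would check it with `ini_get('mysqli.allow_local_infile')` at connect time or in a setup check, and point to it from the comment, for example `// Effective control: "mysqli.allow_local_infile" must be off in php.ini; enforced by <SETUP_CHECK_NAME>.`. The rendering does not show which of the two placements is the new side, and connect() begins and ends outside the visible lines, so such a check may already exist elsewhere.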