Merge pull request #52 from phpbb/ticket/security/247

[ticket/security/247] Disable loading of local files on client side
author: Marc Alexander <admin@m-a-styles.de> 2019-08-25 18:28:56 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2019-08-25 18:28:56 +0200
commit: 42e278e1c321097a0c9b9a50448ad35157b7ab2b (patch)
tree: 2a40c214df3d75528d4dcbc1620c0ab6d38773ca
parent: 79be901cea18960bbcb8571f4e2c0d982d3ca015 (diff)
parent: 4555817a8b6dc3910fff0c26422a82aa769c8904 (diff)
download: forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar
forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar.gz
forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar.bz2
forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar.xz
forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php
index d43e201526..b429ad97aa 100644
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
 
 		if ($this->db_connect_id && $this->dbname != '')
 		{
+			// Disable loading local files on client side
+			@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
+
 			@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
 
 			// enforce strict mode on databases that support it
author	Marc Alexander <admin@m-a-styles.de>	2019-08-25 18:28:56 +0200
committer	Marc Alexander <admin@m-a-styles.de>	2019-08-25 18:28:56 +0200
commit	42e278e1c321097a0c9b9a50448ad35157b7ab2b (patch)
tree	2a40c214df3d75528d4dcbc1620c0ab6d38773ca
parent	79be901cea18960bbcb8571f4e2c0d982d3ca015 (diff)
parent	4555817a8b6dc3910fff0c26422a82aa769c8904 (diff)
download	forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar.gz forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar.bz2 forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.tar.xz forums-42e278e1c321097a0c9b9a50448ad35157b7ab2b.zip