diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-08-11 21:31:59 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-08-11 21:31:59 +0200 |
| commit | 4555817a8b6dc3910fff0c26422a82aa769c8904 (patch) | |
| tree | 3582d22700691aacfaf8a6758fdaf4272e28369f /phpBB/phpbb/db/driver | |
| parent | 0a5d167441004c4ed56b6b7cf32fd0c0eb5ae443 (diff) | |
| download | forums-4555817a8b6dc3910fff0c26422a82aa769c8904.tar forums-4555817a8b6dc3910fff0c26422a82aa769c8904.tar.gz forums-4555817a8b6dc3910fff0c26422a82aa769c8904.tar.bz2 forums-4555817a8b6dc3910fff0c26422a82aa769c8904.tar.xz forums-4555817a8b6dc3910fff0c26422a82aa769c8904.zip | |
[ticket/security/247] Disable loading of local files on client side
SECURITY-247
Diffstat (limited to 'phpBB/phpbb/db/driver')
| -rw-r--r-- | phpBB/phpbb/db/driver/mysqli.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it |