From 4555817a8b6dc3910fff0c26422a82aa769c8904 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sun, 11 Aug 2019 21:31:59 +0200
Subject: [ticket/security/247] Disable loading of local files on client side

SECURITY-247
---
 phpBB/phpbb/db/driver/mysqli.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'phpBB/phpbb/db')

diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php
index d43e201526..b429ad97aa 100644
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
 
 		if ($this->db_connect_id && $this->dbname != '')
 		{
+			// Disable loading local files on client side
+			@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
+
 			@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
 
 			// enforce strict mode on databases that support it
-- 
cgit v1.2.1


From b94464d06382a4b379d9dcd52f1bee757a4a0500 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sun, 8 Sep 2019 21:53:52 +0200
Subject: [prep-release-3.2.8] Add migration for 3.2.8

---
 phpBB/phpbb/db/migration/data/v32x/v328.php | 36 +++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v32x/v328.php

(limited to 'phpBB/phpbb/db')

diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php
new file mode 100644
index 0000000000..28ff2c7033
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/v328.php
@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v328 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.8', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v328rc1',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.8')),
+		);
+	}
+}
-- 
cgit v1.2.1