Merge branch 'PHP-5.6' into PHP-7.0

laruence · laruence · commit 9134f9e98f6c · 2015-11-16T17:59:46.000+08:00
Conflicts:
	ext/mysql/php_mysql.c
diff --git a/NEWS b/NEWS
@@ -10,6 +10,10 @@ PHP                                                                        NEWS
   . Fixed bug #70898, #70895 (null ptr deref and segfault with crafted callable).
     (Anatol, Laruence)
 
+- Mysqlnd:
+  . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
+    (Laruence)
+
 - OCI8:
   . Fixed memory leak with LOBs. (Senthil)
 
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
@@ -368,7 +368,12 @@ PHP_FUNCTION(ldap_connect)
 			}
 
 			url = emalloc(urllen);
-			snprintf( url, urllen, "ldap://%s:%ld", host ? host : "", port );
+			if (host && (strchr(host, ':') != NULL)) {
+				/* Legacy support for host:port */
+				snprintf( url, urllen, "ldap://%s", host );
+			} else {
+				snprintf( url, urllen, "ldap://%s:%ld", host ? host : "", port );
+			}
 		}
 
 #ifdef LDAP_API_FEATURE_X_OPENLDAP
diff --git a/ext/ldap/tests/ldap_connect_variation.phpt b/ext/ldap/tests/ldap_connect_variation.phpt
@@ -28,6 +28,10 @@ var_dump($link);
 // bad hostname (connect should work, not bind)
 $link = ldap_connect("nonexistent" . $host);
 var_dump($link);
+
+// Legacy host:port syntax
+$link = ldap_connect("$host:$port");
+var_dump($link);
 ?>
 ===DONE===
 --EXPECTF--
@@ -36,4 +40,5 @@ resource(%d) of type (ldap link)
 resource(%d) of type (ldap link)
 resource(%d) of type (ldap link)
 resource(%d) of type (ldap link)
+resource(%d) of type (ldap link)
 ===DONE===
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
@@ -1776,6 +1776,7 @@ PHP_FUNCTION(mysqli_options)
 	}
 	MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_INITIALIZED);
 
+#if !defined(MYSQLI_USE_MYSQLND)
 #if PHP_API_VERSION < 20100412
 	if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode)) {
 #else
@@ -1785,6 +1786,7 @@ PHP_FUNCTION(mysqli_options)
 			RETURN_FALSE;
 		}
 	}
+#endif
 	expected_type = mysqli_options_get_option_zval_type(mysql_option);
 	if (expected_type != Z_TYPE_P(mysql_value)) {
 		switch (expected_type) {
diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c
@@ -118,9 +118,11 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 		flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
 		/* remove some insecure options */
 		flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
+#if !defined(MYSQLI_USE_MYSQLND)
 		if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {
 			flags &= ~CLIENT_LOCAL_FILES;
 		}
+#endif
 	}
 
 	if (!socket_len || !socket) {
diff --git a/ext/mysqli/tests/bug68077.phpt b/ext/mysqli/tests/bug68077.phpt
@@ -0,0 +1,70 @@
+--TEST--
+Bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+if (!$IS_MYSQLND) {
+	die("skip: test applies only to mysqlnd");
+}
+?>
+--INI--
+open_basedir={PWD}
+--FILE--
+<?php
+	require_once("connect.inc");
+
+	if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
+		printf("[001] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+	}
+
+	if (!$link->query("DROP TABLE IF EXISTS test")) {
+		printf("[002] [%d] %s\n", $link->errno, $link->error);
+	}
+
+	if (!$link->query("CREATE TABLE test (dump1 INT UNSIGNED NOT NULL PRIMARY KEY) ENGINE=" . $engine)) {
+		printf("[003] [%d] %s\n", $link->errno, $link->error);
+	}
+
+	if (FALSE == file_put_contents(__DIR__ . '/bug53503.data', "1\n2\n3\n"))
+		printf("[004] Failed to create CVS file\n");
+
+	if (!$link->query("SELECT 1 FROM DUAL"))
+		printf("[005] [%d] %s\n", $link->errno, $link->error);
+
+	if (!$link->query("LOAD DATA LOCAL INFILE '" . __DIR__  . "/bug53503.data' INTO TABLE test")) {
+		printf("[006] [%d] %s\n", $link->errno, $link->error);
+		echo "bug\n";
+	} else {
+		echo "done\n";
+	}
+
+	if (!$link->query("LOAD DATA LOCAL INFILE '../../bug53503.data' INTO TABLE test")) {
+		printf("[006] [%d] %s\n", $link->errno, $link->error);
+		echo "done\n";
+	} else {
+		echo "bug\n";
+	}
+	$link->close();
+?>
+--CLEAN--
+<?php
+require_once('connect.inc');
+
+if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
+	printf("[clean] Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
+		$host, $user, $db, $port, $socket);
+}
+
+if (!$link->query($link, 'DROP TABLE IF EXISTS test')) {
+	printf("[clean] Failed to drop old test table: [%d] %s\n", mysqli_errno($link), mysqli_error($link));
+}
+
+$link->close();
+
+unlink('bug53503.data');
+?>
+--EXPECTF--
+done
+[006] [2000] open_basedir restriction in effect. Unable to open file
+done
diff --git a/ext/mysqli/tests/mysqli_options_openbasedir.phpt b/ext/mysqli/tests/mysqli_options_openbasedir.phpt
@@ -8,16 +8,22 @@ require_once('skipifconnectfailure.inc');
 ?>
 --FILE--
 <?php
-	require_once('connect.inc');
-	ini_set("open_basedir", __DIR__);
-	if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
-		printf("[001] Cannot connect, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+require_once('connect.inc');
+ini_set("open_basedir", __DIR__);
+if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
+	printf("[001] Cannot connect, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
 
+if ($IS_MYSQLND) {
+	if (true !== mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, 1))
+		printf("[002] Can not set MYSQLI_OPT_LOCAL_INFILE although open_basedir is set!\n");
+
+} else {
 	if (false !== mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, 1))
 		printf("[002] Can set MYSQLI_OPT_LOCAL_INFILE although open_basedir is set!\n");
 
-	mysqli_close($link);
-	print "done!";
+}
+mysqli_close($link);
+print "done!";
 ?>
 --EXPECTF--
 done!
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
@@ -756,10 +756,6 @@ MYSQLND_METHOD(mysqlnd_conn_data, get_updated_connect_flags)(MYSQLND_CONN_DATA *
 
 	mysql_flags |= conn->options->flags; /* use the flags from set_client_option() */
 
-	if (PG(open_basedir) && strlen(PG(open_basedir))) {
-		mysql_flags ^= CLIENT_LOCAL_FILES;
-	}
-
 #ifndef MYSQLND_COMPRESSION_ENABLED
 	if (mysql_flags & CLIENT_COMPRESS) {
 		mysql_flags &= ~CLIENT_COMPRESS;
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
@@ -632,6 +632,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options)
 			goto cleanup;
 		}
 
+#ifndef PDO_USE_MYSQLND
 #if PHP_API_VERSION < 20100412
 		if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') || PG(safe_mode))
 #else
@@ -640,6 +641,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options)
 		{
 			local_infile = 0;
 		}
+#endif
 #if defined(MYSQL_OPT_LOCAL_INFILE) || defined(PDO_USE_MYSQLND)
 		if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {
 			pdo_mysql_error(dbh);

Original file line number	Diff line number	Diff line change
`@@ -368,7 +368,12 @@ PHP_FUNCTION(ldap_connect)`
`368`	`368`	`}`
`369`	`369`
`370`	`370`	`url = emalloc(urllen);`
`371`		`- snprintf( url, urllen, "ldap://%s:%ld", host ? host : "", port );`
	`371`	`+ if (host && (strchr(host, ':') != NULL)) {`
	`372`	`+ /* Legacy support for host:port */`
	`373`	`+ snprintf( url, urllen, "ldap://%s", host );`
	`374`	`+ } else {`
	`375`	`+ snprintf( url, urllen, "ldap://%s:%ld", host ? host : "", port );`
	`376`	`+ }`
`372`	`377`	`}`
`373`	`378`
`374`	`379`	`#ifdef LDAP_API_FEATURE_X_OPENLDAP`
Original file line number	Diff line number	Diff line change
`@@ -1776,6 +1776,7 @@ PHP_FUNCTION(mysqli_options)`
`1776`	`1776`	`}`
`1777`	`1777`	`MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_INITIALIZED);`
`1778`	`1778`
	`1779`	`+#if !defined(MYSQLI_USE_MYSQLND)`
`1779`	`1780`	`#if PHP_API_VERSION < 20100412`
`1780`	`1781`	`if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') \|\| PG(safe_mode)) {`
`1781`	`1782`	`#else`
`@@ -1785,6 +1786,7 @@ PHP_FUNCTION(mysqli_options)`
`1785`	`1786`	`RETURN_FALSE;`
`1786`	`1787`	`}`
`1787`	`1788`	`}`
	`1789`	`+#endif`
`1788`	`1790`	`expected_type = mysqli_options_get_option_zval_type(mysql_option);`
`1789`	`1791`	`if (expected_type != Z_TYPE_P(mysql_value)) {`
`1790`	`1792`	`switch (expected_type) {`
Original file line number	Diff line number	Diff line change
`@@ -118,9 +118,11 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne`
`118`	`118`	`flags \|= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */`
`119`	`119`	`/* remove some insecure options */`
`120`	`120`	`flags &= ~CLIENT_MULTI_STATEMENTS; /* don't allow multi_queries via connect parameter */`
	`121`	`+#if !defined(MYSQLI_USE_MYSQLND)`
`121`	`122`	`if (PG(open_basedir) && PG(open_basedir)[0] != '\0') {`
`122`	`123`	`flags &= ~CLIENT_LOCAL_FILES;`
`123`	`124`	`}`
	`125`	`+#endif`
`124`	`126`	`}`
`125`	`127`
`126`	`128`	`if (!socket_len \|\| !socket) {`
Original file line number	Diff line number	Diff line change
`@@ -632,6 +632,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t dbh, zval driver_options)`
`632`	`632`	`goto cleanup;`
`633`	`633`	`}`
`634`	`634`
	`635`	`+#ifndef PDO_USE_MYSQLND`
`635`	`636`	`#if PHP_API_VERSION < 20100412`
`636`	`637`	`if ((PG(open_basedir) && PG(open_basedir)[0] != '\0') \|\| PG(safe_mode))`
`637`	`638`	`#else`
`@@ -640,6 +641,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t dbh, zval driver_options)`
`640`	`641`	`{`
`641`	`642`	`local_infile = 0;`
`642`	`643`	`}`
	`644`	`+#endif`
`643`	`645`	`#if defined(MYSQL_OPT_LOCAL_INFILE) \|\| defined(PDO_USE_MYSQLND)`
`644`	`646`	`if (mysql_options(H->server, MYSQL_OPT_LOCAL_INFILE, (const char *)&local_infile)) {`
`645`	`647`	`pdo_mysql_error(dbh);`