From 5a37470f9f1d2332bfed6ae5540c5a849c50ee20 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 15 Jan 2002 17:46:37 +0000 Subject: [PATCH] support open_basedir --- read_dump.php3 | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/read_dump.php3 b/read_dump.php3 index e44ef9309..a63c7755e 100644 --- a/read_dump.php3 +++ b/read_dump.php3 @@ -222,7 +222,48 @@ if (!empty($id_bookmark)) { // Gets the query from a file if required if ($sql_file != 'none') { if (file_exists($sql_file) && is_uploaded_file($sql_file)) { - $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file)); + + if (PMA_PHP_INT_VERSION >= 40000 ) { + $open_basedir = @ini_get('open_basedir'); + } + if (PMA_PHP_INT_VERSION < 40000 ) { + $open_basedir = @get_cfg_var('open_basedir'); + } + + // if we are on a server with open_basedir, we must move + // the file before opening it. The doc explains how + // to create the ./tmp directory + + if (!empty($open_basedir)) { + // check if '.' is in open_basedir + $pos = strpos($open_basedir,'.'); + + // from the PHP annotated manual + if ( (PMA_PHP_INT_VERSION < 40000 && is_integer($pos) && !$pos) + || (PMA_PHP_INT_VERSION >= 40000 && $pos === false) ) { + // if no '.' in openbasedir, do not move the file, + // force the error and let PHP report it + error_reporting(E_ALL); + $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file)); + } + else { + $sql_file_new='./tmp/' . basename($sql_file); + if (PMA_PHP_INT_VERSION < 40003) { + copy($sql_file, $sql_file_new); + } + else { + move_uploaded_file($sql_file, $sql_file_new); + } + $sql_query = fread(fopen($sql_file_new, 'r'), filesize($sql_file_new)); + unlink($sql_file_new); + } + + } + else { + // read from the normal upload dir + $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file)); + } + if (get_magic_quotes_runtime() == 1) { $sql_query = stripslashes($sql_query); }