diff options
author | Michal Čihař <michal@cihar.com> | 2016-07-23 09:59:02 +0300 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2016-07-23 09:59:02 +0300 |
commit | d03954bf9ca3b1cc4037214e7983617732282872 (patch) | |
tree | 673d4a4f0b546b3935345ee4a3531a5a18d8a886 /import.php | |
parent | f261abbdf9fa7f96e30e8e040866a326f5e9b95d (diff) |
Enable LOAD DATA LOCAL INFILE only when needed
There is no need to have this feature allowed for normal SQL queries, it
can lead to leaking sensitive files from the web server. It's enough to
enable it only in LDI import plugin, where we control what queries are
executed.
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'import.php')
-rw-r--r-- | import.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/import.php b/import.php index 90b15554b9..2a493af219 100644 --- a/import.php +++ b/import.php @@ -6,6 +6,11 @@ * @package PhpMyAdmin */ +/* Enable LOAD DATA LOCAL INFILE for LDI plugin */ +if (isset($_POST['format']) && $_POST['format'] == 'ldi') { + define('PMA_ENABLE_LDI', 1); +} + /** * Get the variables sent or posted to this script and a core script */ |