Closed psafarov closed 5 years ago
Seems like this might be vulnerable to arbitrary file reads chosen by the server, see https://www.percona.com/blog/2019/02/06/percona-responds-to-mysql-local-infile-security-issues/.
I made this feature optional and disabled by default. The ones who don't use it will not be affected.
Btw current version is open to this attack, thanks to src/Internal/Processor.php
rows 833-835. I added a fix.
Thanks :-)
@bwoebi could you please take a look at this PR. This code has been working in a real application, no bugs spotted yet.