amphp / mysql

An async MySQL client for PHP, optimizing database interactions with efficient non-blocking capabilities. Perfect for responsive, high-performance applications.

Add support for LOAD DATA LOCAL INFILE statement #86

Closed psafarov closed 5 years ago

psafarov commented 5 years ago

@bwoebi could you please take a look at this PR? This code has been working in a real application, no bugs spotted yet.

psafarov commented 5 years ago

Seems like this might be vulnerable to arbitrary file reads chosen by the server, see https://www.percona.com/blog/2019/02/06/percona-responds-to-mysql-local-infile-security-issues/.

I made this feature optional and disabled by default. The ones who don't use it will not be affected.

psafarov commented 5 years ago

Btw, the current version is open to this attack, thanks to src/Internal/Processor.php rows 833-835. I added a fix.

bwoebi commented 5 years ago

Thanks :-)
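
The client-side gate the comments above describe, as an added example that is not part of this PR or of amphp/mysql's code: honour a server's LOCAL INFILE request only when the feature is enabled and the requested file is the one the client's own query named. The function name, its parameters and the sample packets are hypothetical; the 0xFB request marker and the empty-packet refusal come from the MySQL client/server protocol.

```php
<?php
declare(strict_types=1);

// Added illustration; hypothetical helper, not amphp/mysql code.
// $payload is one server packet body (after the 4-byte packet header).
const LOCAL_INFILE_REQUEST = "\xFB"; // first byte of a LOCAL INFILE request

/**
 * Returns the path the client may stream to the server, or null when the
 * request must be refused (the client then answers with an empty packet).
 */
function resolveLocalInfileRequest(string $payload, bool $enabled, ?string $lastQuery): ?string
{
    if ($payload === '' || $payload[0] !== LOCAL_INFILE_REQUEST) {
        return null; // not a LOCAL INFILE request at all
    }
    if (!$enabled || $lastQuery === null) {
        return null; // feature is opt-in and off by default
    }
    // The server chooses the filename in its request, so it is untrusted.
    $requested = substr($payload, 1);

    // Simplified extraction of the file the client itself named; a statement
    // this pattern cannot parse, or a different filename, is refused.
    $pattern = '/^\s*LOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\s+([\'"])(.*?)\1/is';
    if (!preg_match($pattern, $lastQuery, $m)) {
        return null; // the last statement never asked to send a file
    }
    return $m[2] === $requested ? $requested : null;
}

// Constructed sample packets and queries.
$load = "LOAD DATA LOCAL INFILE '/tmp/import.csv' INTO TABLE t";
$cases = [
    'matching file'          => ["\xFB/tmp/import.csv", true, $load],
    'server swaps the file'  => ["\xFB/home/app/secret.txt", true, $load],
    'request after a SELECT' => ["\xFB/home/app/secret.txt", true, 'SELECT 1'],
    'feature disabled'       => ["\xFB/tmp/import.csv", false, $load],
];
foreach ($cases as $name => [$payload, $enabled, $query]) {
    $path = resolveLocalInfileRequest($payload, $enabled, $query);
    printf("%-24s %s\n", $name, $path === null ? 'refuse' : "send $path");
}
```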