
php-pear-MDB2-Driver-mysqli-1.4.1-5.fc12.src.rpm

Patch for CVE-2007-5934 MDB2 Data injection and disclosure
from http://marc.info/?l=pear-cvs&m=117823082829114&q=raw

--- pear/MDB2/Driver/mysqli.php.lob	2007-11-14 08:01:40.000000000 +0100
+++ pear/MDB2/Driver/mysqli.php	2007-11-14 08:02:12.000000000 +0100
@@ -43,7 +43,7 @@
 // | Author: Lukas Smith <smith@pooteeweet.org>                           |
 // +----------------------------------------------------------------------+
 //
-// $Id: mysqli.php,v 1.162 2007/05/02 22:00:08 quipo Exp $
+// $Id: mysqli.php,v 1.163 2007/05/03 22:20:20 davidc Exp $
 //
 
 /**
@@ -1476,7 +1476,7 @@ class MDB2_Statement_mysqli extends MDB2
                 $value = $this->values[$parameter];
                 $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
                 if (!is_object($this->statement)) {
-                    if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+                    if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) {
                         if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
                             if ($match[1] == 'file://') {
                                 $value = $match[2];
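Review bot: In the rewritten condition `&&` binds tighter than `||`, so `lob_allow_url_include` gates only the `$type == 'blob'` case; a string value bound as `clob` still reaches the `preg_match` URL/`file://` handling on the next line with the option off. If the option is meant to cover both LOB types, group them explicitly: `if (is_resource($value) || (($type == 'clob' || $type == 'blob') && $this->options['lob_allow_url_include'])) {`. It is also worth confirming that `options` is populated on the statement object rather than only on the connection object, which is not visible here; an unset key would read as false and raise a notice. The enclosing method starts and ends outside the hunk, so how a skipped LOB value is quoted afterwards should be checked there.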
@@ -1628,4 +1628,4 @@ class MDB2_Statement_mysqli extends MDB2
         return $result;
    }
 }
-?>
\ No newline at end of file
+?>