Fix for Bug#29605
--local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response Add a check for CLIENT_LOCAL_FILES before sending a local file. Beware, that all binary distributions enable sending of local files and it's up to the programs which use libmysql to disable it, if they don't use this functionality. Otherwise they are not safe.
Showing
Please register or sign in to comment