New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No need to disable LOAD DATA LOCAL INFILE when open_basedir restrictions and/or safe_mode are enabled #11088

Open
KaanErturk opened this Issue Dec 26, 2016 · 4 comments

Comments

Projects
None yet
3 participants
@KaanErturk

KaanErturk commented Dec 26, 2016

When you use a remote MySQL server and can't get FILE privilege, i.e. AWS RDS, you need LOAD DATA LOCAL INFILE capability. For some reason that was an issue in PHP when open_basedir or safe_mode were enabled and their workaround was to just disable it. However it's been fixed since last year, for PHP version 5.6.17 and above and when mysqlnd is used. See the fix here: php/php-src@be6fd4b

There is a similar workaround in Piwik codebase (see https://github.com/piwik/piwik/blob/9243b9a7b6fae8237596f76cda1fe8b6816463af/core/Db/BatchInsert.php#L193). I think that should be removed, perhaps conditionally for PHP 5.6.17+.

open_basedir and safe_mode are not the ultimate security measures but still, it would be good to enable them and have Security and System Check pages on Piwik all-green as well as LOAD DATA LOCAL INFILE working as it should.

@KaanErturk

This comment has been minimized.

Show comment
Hide comment
@KaanErturk

KaanErturk Dec 26, 2016

This is related to #10732 and #7519 btw.

KaanErturk commented Dec 26, 2016

This is related to #10732 and #7519 btw.

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab Dec 26, 2016

Member

@KaanErturk Sounds good to make the code in https://github.com/piwik/piwik/blob/9243b9a7b6fae8237596f76cda1fe8b6816463af/core/Db/BatchInsert.php#L193 conditional to PHP 5.6.17+. Did you check it works with safe mode and/or open basedir?
Pull request welcome 👍

Member

mattab commented Dec 26, 2016

@KaanErturk Sounds good to make the code in https://github.com/piwik/piwik/blob/9243b9a7b6fae8237596f76cda1fe8b6816463af/core/Db/BatchInsert.php#L193 conditional to PHP 5.6.17+. Did you check it works with safe mode and/or open basedir?
Pull request welcome 👍

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab Feb 20, 2017

Member

Hi @KaanErturk any chance you could create a Pull request for this issue? Would be very appreciated!

Member

mattab commented Feb 20, 2017

Hi @KaanErturk any chance you could create a Pull request for this issue? Would be very appreciated!

@mattab mattab added the Enhancement label Feb 20, 2017

@mattab mattab added this to the Backlog (Help wanted) milestone Feb 20, 2017

@djosip

This comment has been minimized.

Show comment
Hide comment
@djosip

djosip Nov 2, 2017

It has been over a year since KaanErturk wrote his comment about this issue and I can see that the problem with open_basedir and LOAD DATA LOCAL INFILE still persists.
Is there any hope that piwik might finally change its behavior as per KaanErtuk's suggestion?

djosip commented Nov 2, 2017

It has been over a year since KaanErturk wrote his comment about this issue and I can see that the problem with open_basedir and LOAD DATA LOCAL INFILE still persists.
Is there any hope that piwik might finally change its behavior as per KaanErtuk's suggestion?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment