Index: phpMyAdmin-4.7.8-all-languages/libraries/db_designer.lib.php =================================================================== --- phpMyAdmin-4.7.8-all-languages/libraries/db_designer.lib.php +++ phpMyAdmin-4.7.8-all-languages/libraries/db_designer.lib.php 2019-01-28 14:20:16.696532775 +0100 @@ -193,7 +193,7 @@ . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['designer_settings']) . ' WHERE ' . PMA\libraries\Util::backquote('username') . ' = "' - . $GLOBALS['cfg']['Server']['user'] . '";'; + . $GLOBALS['dbi']->escapeString($GLOBALS['cfg']['Server']['user']) . '";'; $result = $GLOBALS['dbi']->fetchSingleRow($query); Index: libraries/pmd_common.php =================================================================== --- phpMyAdmin-4.7.8-all-languages/libraries/pmd_common.php +++ phpMyAdmin-4.7.8-all-languages/libraries/pmd_common.php 2019-01-28 14:21:38.943766317 +0100 @@ -761,7 +761,7 @@ . PMA\libraries\Util::backquote($cfgDesigner['db']) . "." . PMA\libraries\Util::backquote($cfgDesigner['table']) . " (username, settings_data)" - . " VALUES('" . $cfgDesigner['user'] . "'," + . " VALUES('" . $GLOBALS['dbi']->escapeString($cfgDesigner['user']) . "'," . " '" . json_encode($save_data) . "');"; $success = PMA_queryAsControlUser($query); Index: libraries/dbi/DBIMysql.php =================================================================== --- phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysql.php +++ phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysql.php 2019-01-28 14:17:02.556084376 +0100 @@ -52,6 +52,10 @@ ) { global $cfg; + if (ini_get('mysql.allow_local_infile')) { + PMA_fatalError(__('Please disable mysql.allow_local_infile in your PHP configuration or install the mysqli extension.')); + } + if (empty($client_flags)) { if ($cfg['PersistentConnections'] || $persistent) { $link = @mysql_pconnect($server, $user, $password); Index: phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysqli.php =================================================================== --- phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysqli.php +++ phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysqli.php 2019-01-28 14:18:42.415225312 +0100 @@ -79,11 +79,6 @@ $link = mysqli_init(); - if (defined('PMA_ENABLE_LDI')) { - mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, true); - } else { - mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, false); - } $client_flags = 0; @@ -166,6 +161,12 @@ return false; } + if (defined('PMA_ENABLE_LDI')) { + mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, true); + } else { + mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, false); + } + return $link; }