Commit 4bba2554 authored by Alexander Barkov's avatar Alexander Barkov

Respect the --secure-file-priv server option when working with

tables having the FILE_NAME='xxx' table option.

added:
  mysql-test/suite/connect/r/secure_file_priv.result
  mysql-test/suite/connect/t/secure_file_priv-master.opt
  mysql-test/suite/connect/t/secure_file_priv.test
modified:
  storage/connect/ha_connect.cc
parent 42e5bfac
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='/media/DATA/maria-bzr/maria-10.0-connect/mysql-test/var/mysqld.1/data//t1.dbf';
ERROR HY000: The MariaDB server is running with the --secure-file-priv option so it cannot execute this statement
CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='/media/DATA/maria-bzr/maria-10.0-connect/mysql-test/var/tmp//t1.dbf';
INSERT INTO t1 VALUES (10);
SELECT * FROM t1;
a
10
DROP TABLE t1;
let $MYSQLD_DATADIR= `select @@datadir`;
let $MYSQLD_SECUREDIR= `select @@secure_file_priv`;
--error ER_OPTION_PREVENTS_STATEMENT
--eval CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='$MYSQLD_DATADIR/t1.dbf'
--eval CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='$MYSQLD_SECUREDIR/t1.dbf'
INSERT INTO t1 VALUES (10);
SELECT * FROM t1;
DROP TABLE t1;
--remove_file $MYSQLD_SECUREDIR/t1.dbf
...@@ -2912,8 +2912,17 @@ bool ha_connect::check_privileges(THD *thd, PTOS options) ...@@ -2912,8 +2912,17 @@ bool ha_connect::check_privileges(THD *thd, PTOS options)
case TAB_XML: case TAB_XML:
case TAB_INI: case TAB_INI:
case TAB_VEC: case TAB_VEC:
return options->filename ? if (!options->filename)
check_access(thd, FILE_ACL, NULL, NULL, NULL, 0, 0) : false; return false;
char path[FN_REFLEN];
(void) fn_format(path, options->filename, mysql_real_data_home, "",
MY_RELATIVE_PATH | MY_UNPACK_FILENAME);
if (!is_secure_file_path(path))
{
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
return true;
}
/* Fall through to check FILE_ACL */
case TAB_ODBC: case TAB_ODBC:
case TAB_MYSQL: case TAB_MYSQL:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment