Commit 8ef7114f authored by unknown's avatar unknown

Fixed BUG#13510: Setting password local variable changes current password

  Disallow conflicting use of variables named "password" and "names". If such
  a variable is declared, and "SET ... = ..." is used for them, an error is
  returned; the user must resolve the conflict by either using `var` (indicating
  that the local variable is set) or by renaming the variable.
  This is necessary since setting "password" and "names" are treated as special
  cases by the parser.


mysql-test/r/sp-error.result:
  New test cases for BUG#13510
mysql-test/t/sp-error.test:
  New test cases for BUG#13510
sql/share/errmsg.txt:
  New error message for when certain variable names are use which would be
  parsed the wrong way. (E.g. "password" and "names")
sql/sql_yacc.yy:
  Check if "names" or "password" are used as local variable/parameter, in which
  case "set names" or "set password" will be parsed the wrong way. Give an error
  message instead.
parent 3fd11cf6
...@@ -834,3 +834,41 @@ ERROR HY000: Not allowed to set autocommit from a stored function or trigger ...@@ -834,3 +834,41 @@ ERROR HY000: Not allowed to set autocommit from a stored function or trigger
create trigger bug12712 create trigger bug12712
before insert on t1 for each row set session autocommit = 0; before insert on t1 for each row set session autocommit = 0;
ERROR HY000: Not allowed to set autocommit from a stored function or trigger ERROR HY000: Not allowed to set autocommit from a stored function or trigger
drop procedure if exists bug13510_1|
drop procedure if exists bug13510_2|
drop procedure if exists bug13510_3|
drop procedure if exists bug13510_4|
create procedure bug13510_1()
begin
declare password varchar(10);
set password = 'foo1';
select password;
end|
ERROR 42000: Variable 'password' must be quoted with `...`, or renamed
create procedure bug13510_2()
begin
declare names varchar(10);
set names = 'foo2';
select names;
end|
ERROR 42000: Variable 'names' must be quoted with `...`, or renamed
create procedure bug13510_3()
begin
declare password varchar(10);
set `password` = 'foo3';
select password;
end|
create procedure bug13510_4()
begin
declare names varchar(10);
set `names` = 'foo4';
select names;
end|
call bug13510_3()|
password
foo3
call bug13510_4()|
names
foo4
drop procedure bug13510_3|
drop procedure bug13510_4|
...@@ -1212,6 +1212,59 @@ call bug9367(); ...@@ -1212,6 +1212,59 @@ call bug9367();
drop procedure bug9367; drop procedure bug9367;
drop table t1; drop table t1;
--enable_parsing --enable_parsing
#
# BUG#13510: Setting password local variable changes current password
#
delimiter |;
--disable_warnings
drop procedure if exists bug13510_1|
drop procedure if exists bug13510_2|
drop procedure if exists bug13510_3|
drop procedure if exists bug13510_4|
--enable_warnings
--error ER_SP_BAD_VAR_SHADOW
create procedure bug13510_1()
begin
declare password varchar(10);
set password = 'foo1';
select password;
end|
--error ER_SP_BAD_VAR_SHADOW
create procedure bug13510_2()
begin
declare names varchar(10);
set names = 'foo2';
select names;
end|
create procedure bug13510_3()
begin
declare password varchar(10);
set `password` = 'foo3';
select password;
end|
create procedure bug13510_4()
begin
declare names varchar(10);
set `names` = 'foo4';
select names;
end|
call bug13510_3()|
call bug13510_4()|
drop procedure bug13510_3|
drop procedure bug13510_4|
delimiter ;|
# #
# BUG#NNNN: New bug synopsis # BUG#NNNN: New bug synopsis
# #
......
...@@ -5420,3 +5420,5 @@ ER_ROW_IS_REFERENCED_2 23000 ...@@ -5420,3 +5420,5 @@ ER_ROW_IS_REFERENCED_2 23000
eng "Cannot delete or update a parent row: a foreign key constraint fails (%.192s)" eng "Cannot delete or update a parent row: a foreign key constraint fails (%.192s)"
ER_NO_REFERENCED_ROW_2 23000 ER_NO_REFERENCED_ROW_2 23000
eng "Cannot add or update a child row: a foreign key constraint fails (%.192s)" eng "Cannot add or update a child row: a foreign key constraint fails (%.192s)"
ER_SP_BAD_VAR_SHADOW 42000
eng "Variable '%-.64s' must be quoted with `...`, or renamed"
...@@ -7992,6 +7992,18 @@ option_value: ...@@ -7992,6 +7992,18 @@ option_value:
$2= $2 ? $2: global_system_variables.character_set_client; $2= $2 ? $2: global_system_variables.character_set_client;
lex->var_list.push_back(new set_var_collation_client($2,thd->variables.collation_database,$2)); lex->var_list.push_back(new set_var_collation_client($2,thd->variables.collation_database,$2));
} }
| NAMES_SYM equal expr
{
LEX *lex= Lex;
sp_pcontext *spc= lex->spcont;
LEX_STRING names;
names.str= (char *)"names";
names.length= 5;
if (spc && spc->find_pvar(&names))
my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), names.str);
YYABORT;
}
| NAMES_SYM charset_name_or_default opt_collate | NAMES_SYM charset_name_or_default opt_collate
{ {
LEX *lex= Lex; LEX *lex= Lex;
...@@ -8009,6 +8021,17 @@ option_value: ...@@ -8009,6 +8021,17 @@ option_value:
{ {
THD *thd=YYTHD; THD *thd=YYTHD;
LEX_USER *user; LEX_USER *user;
LEX *lex= Lex;
sp_pcontext *spc= lex->spcont;
LEX_STRING pw;
pw.str= (char *)"password";
pw.length= 8;
if (spc && spc->find_pvar(&pw))
{
my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), pw.str);
YYABORT;
}
if (!(user=(LEX_USER*) thd->alloc(sizeof(LEX_USER)))) if (!(user=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
YYABORT; YYABORT;
user->host=null_lex_str; user->host=null_lex_str;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment