mirror of
https://github.com/MariaDB/server.git
synced 2025-08-30 11:22:14 +03:00
2a37d531be
The server variable opt_secure_file_priv wasn't normalized properly and caused the operations LOAD DATA INFILE .. INTO TABLE .. and SELECT load_file(..) to do different interpretations of the --secure-file-priv option. The patch moves code to the server initialization routines so that the path always is normalized once and only once. It was also intended that setting the option to an empty string should be equal to lifting all previously set restrictions. This is also fixed by this patch.
22 lines
829 B
Plaintext
22 lines
829 B
Plaintext
--echo #
|
|
--echo # Bug50373 --secure-file-priv=""
|
|
--echo #
|
|
CREATE TABLE t1 (c1 VARCHAR(50));
|
|
INSERT INTO t1 VALUES ("one"),("two"),("three"),("four"),("five");
|
|
SHOW VARIABLES LIKE 'secure_file_priv';
|
|
--disable_query_log
|
|
# Atempt to create a file where we normally aren't allowed to create one.
|
|
# Doing this in a portable manner is difficult but we should be able to
|
|
# count on the depth of the directory hierarchy used. Three steps up from
|
|
# the datadir is the 'mysql_test' directory.
|
|
--let $PROTECTED_FILE=`SELECT concat(@@datadir,'/../../../bug50373.txt')`;
|
|
--eval SELECT * FROM t1 INTO OUTFILE '$PROTECTED_FILE';
|
|
DELETE FROM t1;
|
|
--eval LOAD DATA INFILE '$PROTECTED_FILE' INTO TABLE t1;
|
|
SELECT * FROM t1;
|
|
--eval SELECT load_file('$PROTECTED_FILE') AS loaded_file;
|
|
--enable_query_log
|
|
remove_file $PROTECTED_FILE;
|
|
DROP TABLE t1;
|
|
|