mirror of
https://github.com/MariaDB/server.git
synced 2025-10-31 15:50:51 +03:00
c4ae01e6f0
- Implement --secure-file-priv=<dir> option that limits "load_file", "LOAD DATA" and "SELECT .. INTO OUTFILE" to work with files in specified dir. - Use above option for mysqld in mysql-test-run.pl mysql-test/mysql-test-run.pl: Add usage of --secure-file-priv=vardir when starting mysqld mysql-test/r/loaddata.result: Update test result after adding test to check that secure-file-priv works for "load data" and "load_file" mysql-test/r/outfile.result: Update result mysql-test/r/query_cache.result: Can't load from outside of vardir anymore mysql-test/r/type_blob.result: Can't load from outside of vardir anymore mysql-test/t/loaddata.test: Update test result after adding test to check that secure-file-priv works for "load data" and "load_file" mysql-test/t/outfile.test: Update test result after adding test to check that secure-file-priv works for "SELECT .. INTO OUTFILE" mysql-test/t/query_cache.test: Can't load from outside of vardir anymore mysql-test/t/type_blob.test: Can't load from outside of vardir anymore sql/item_strfunc.cc: Check that the path "load_file" uses for the file is within what's specified with --secure-file-priv sql/mysql_priv.h: Add secure_file_priv sql/mysqld.cc: Add "--secure_file_priv" sql/set_var.cc: Add variable "secure_file_priv" to "show variables" sql/sql_class.cc: Check that the path "load_file" uses for the file is within what's specified with --secure-file-priv sql/sql_class.h: Fix spelling error sql/sql_load.cc: Check that the path "load_file" uses for the file is within what's specified with --secure-file-priv sql/share/errmsg.txt: Fix swedish error message for ER_OPTION_PREVENTS_STATMENT wich was hardcoded to --skip-grant-tables
99 lines
2.6 KiB
Plaintext
99 lines
2.6 KiB
Plaintext
disable_query_log;
|
|
-- source include/test_outfile.inc
|
|
# Server are started in "var/master-data", so "../tmp" will be "var/tmp"
|
|
eval set @tmpdir="../tmp";
|
|
enable_query_log;
|
|
-- source include/have_outfile.inc
|
|
|
|
#
|
|
# test of into outfile|dumpfile
|
|
#
|
|
|
|
--disable_warnings
|
|
drop table if exists t1;
|
|
--enable_warnings
|
|
|
|
create table t1 (`a` blob);
|
|
insert into t1 values("hello world"),("Hello mars"),(NULL);
|
|
disable_query_log;
|
|
eval select * into outfile "../tmp/outfile-test.1" from t1;
|
|
enable_query_log;
|
|
select load_file(concat(@tmpdir,"/outfile-test.1"));
|
|
disable_query_log;
|
|
eval select * into dumpfile "../tmp/outfile-test.2" from t1 limit 1;
|
|
enable_query_log;
|
|
select load_file(concat(@tmpdir,"/outfile-test.2"));
|
|
disable_query_log;
|
|
eval select * into dumpfile "../tmp/outfile-test.3" from t1 where a is null;
|
|
enable_query_log;
|
|
select load_file(concat(@tmpdir,"/outfile-test.3"));
|
|
|
|
# the following should give errors
|
|
|
|
disable_query_log;
|
|
--error 1086
|
|
eval select * into outfile "../tmp/outfile-test.1" from t1;
|
|
|
|
--error 1086
|
|
eval select * into dumpfile "../tmp/outfile-test.2" from t1;
|
|
|
|
--error 1086
|
|
eval select * into dumpfile "../tmp/outfile-test.3" from t1;
|
|
enable_query_log;
|
|
select load_file(concat(@tmpdir,"/outfile-test.not-exist"));
|
|
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.1
|
|
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.2
|
|
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.3
|
|
drop table t1;
|
|
|
|
# Bug#8191
|
|
disable_query_log;
|
|
eval select 1 into outfile "../tmp/outfile-test.4";
|
|
enable_query_log;
|
|
select load_file(concat(@tmpdir,"/outfile-test.4"));
|
|
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.4
|
|
|
|
#
|
|
# Bug #5382: 'explain select into outfile' crashes the server
|
|
#
|
|
|
|
CREATE TABLE t1 (a INT);
|
|
EXPLAIN
|
|
SELECT *
|
|
INTO OUTFILE '/tmp/t1.txt'
|
|
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\r\n'
|
|
FROM t1;
|
|
DROP TABLE t1;
|
|
|
|
# End of 4.1 tests
|
|
|
|
#
|
|
# Bug#13202 SELECT * INTO OUTFILE ... FROM information_schema.schemata now fails
|
|
#
|
|
disable_query_log;
|
|
eval SELECT * INTO OUTFILE "../tmp/outfile-test.4"
|
|
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
|
|
FROM information_schema.schemata LIMIT 0, 5;
|
|
# enable_query_log;
|
|
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.4
|
|
|
|
use information_schema;
|
|
# disable_query_log;
|
|
eval SELECT * INTO OUTFILE "../tmp/outfile-test.4"
|
|
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
|
|
FROM schemata LIMIT 0, 5;
|
|
enable_query_log;
|
|
--exec rm $MYSQLTEST_VARDIR/tmp/outfile-test.4
|
|
use test;
|
|
|
|
#
|
|
# Bug#18628 mysql-test-run: security problem
|
|
#
|
|
# It should not be possible to write to a file outside of vardir
|
|
create table t1(a int);
|
|
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
|
|
--error 1290
|
|
eval select * into outfile "$MYSQL_TEST_DIR/outfile-test1" from t1;
|
|
drop table t1;
|
|
|