Merge pull request #5855 from tractorcow/pulls/3.4/fix-mysql-privileges

BUG Fix permission checking code not correctly handling escaped SQL identifiers
2024-10-22 14:05:37 +02:00 · 2016-08-01 09:48:17 +01:00 · 2016-08-01 09:48:17 +01:00 · 992413ef59
commit 992413ef59
parent 6c37532a7a 7d0b8e6520
2 changed files with 11 additions and 1 deletions
--- a/dev/install/MySQLDatabaseConfigurationHelper.php
+++ b/dev/install/MySQLDatabaseConfigurationHelper.php
@ -172,8 +172,10 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
 		if(!$this->checkValidDatabaseName($database)) return false;

 		// Escape all valid database patterns (permission must exist on all tables)
+		$sqlDatabase = addcslashes($database, '_%'); // See http://dev.mysql.com/doc/refman/5.7/en/string-literals.html
 		$dbPattern = sprintf(
-			'((%s)|(%s)|(%s))',
+			'((%s)|(%s)|(%s)|(%s))',
+			preg_quote("\"$sqlDatabase\".*"), // Regexp escape sql-escaped db identifier
 			preg_quote("\"$database\".*"),
 			preg_quote('"%".*'),
 			preg_quote('*.*')
--- a/tests/dev/MySQLDatabaseConfigurationHelperTest.php
+++ b/tests/dev/MySQLDatabaseConfigurationHelperTest.php
@ -74,6 +74,14 @@ class MySQLDatabaseConfigurationHelperTest extends SapphireTest {
 				. " WITH GRANT OPTION"
 		));

+		// Accept create on this database only
+		$this->assertNotEmpty($helper->checkDatabasePermissionGrant(
+			'database_name',
+			'create',
+			"GRANT ALL PRIVILEGES, CREATE ON \"database\\_name\".* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'XXXX'"
+				. " WITH GRANT OPTION"
+		));
+
 		// Accept create on any database (alternate wildcard syntax)
 		$this->assertNotEmpty($helper->checkDatabasePermissionGrant(
 			'database_name',