diff options
| author | Jim Winstead <jimw@mysql.com> | 2009-05-19 15:26:57 -0700 |
|---|---|---|
| committer | Jim Winstead <jimw@mysql.com> | 2009-05-19 15:26:57 -0700 |
| commit | 16aeb5ad3df92d4459e5c3e83b401e17a926d6b5 (patch) | |
| tree | 46c72146dc02874535a5528e4fa92ed780b07912 | |
| parent | eb1261502c361df2ae60713785068d45c1689cb2 (diff) | |
| download | mariadb-git-16aeb5ad3df92d4459e5c3e83b401e17a926d6b5.tar.gz | |
Table identifiers and file names were not quoted and escaped correctly by
mysqlimport. (Bug #28071)
| -rw-r--r-- | client/mysqlimport.c | 16 | ||||
| -rw-r--r-- | mysql-test/r/mysqldump.result | 10 | ||||
| -rw-r--r-- | mysql-test/t/mysqldump.test | 23 |
3 files changed, 44 insertions, 5 deletions
diff --git a/client/mysqlimport.c b/client/mysqlimport.c index ec418244f3d..5a8fabd4da7 100644 --- a/client/mysqlimport.c +++ b/client/mysqlimport.c @@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv) static int write_to_table(char *filename, MYSQL *mysql) { char tablename[FN_REFLEN], hard_path[FN_REFLEN], - sql_statement[FN_REFLEN*16+256], *end; + escaped_name[FN_REFLEN * 2 + 1], + sql_statement[FN_REFLEN*16+256], *end, *pos; DBUG_ENTER("write_to_table"); DBUG_PRINT("enter",("filename: %s",filename)); @@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql) fprintf(stdout, "Loading data from SERVER file: %s into %s\n", hard_path, tablename); } + mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path)); sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'", opt_low_priority ? "LOW_PRIORITY" : "", - opt_local_file ? "LOCAL" : "", hard_path); + opt_local_file ? "LOCAL" : "", escaped_name); end= strend(sql_statement); if (replace) end= strmov(end, " REPLACE"); if (ignore) end= strmov(end, " IGNORE"); - end= strmov(strmov(end, " INTO TABLE "), tablename); + end= strmov(end, " INTO TABLE `"); + /* Turn any ` into `` in table name. */ + for (pos= tablename; *pos; pos++) + { + if (*pos == '`') + *end++= '`'; + *end++= *pos; + } + end= strmov(end, "`"); if (fields_terminated || enclosed || opt_enclosed || escaped) end= strmov(end, " FIELDS"); diff --git a/mysql-test/r/mysqldump.result b/mysql-test/r/mysqldump.result index b48b6c9d87f..55a251a5b84 100644 --- a/mysql-test/r/mysqldump.result +++ b/mysql-test/r/mysqldump.result @@ -4439,6 +4439,16 @@ drop view v1; drop table t1; drop view v1; drop table t1; +# +# Bug#28071 mysqlimport does not quote or escape table name +# +drop table if exists `load`; +create table `load` (a varchar(255)); +test.load: Records: 70 Deleted: 0 Skipped: 0 Warnings: 0 +select count(*) from `load`; +count(*) +70 +drop table `load`; SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT; # # End of 5.1 tests diff --git a/mysql-test/t/mysqldump.test b/mysql-test/t/mysqldump.test index 6fc8d7bdfea..2ac22fd72ce 100644 --- a/mysql-test/t/mysqldump.test +++ b/mysql-test/t/mysqldump.test @@ -1971,8 +1971,27 @@ drop table t1; --remove_file $MYSQLTEST_VARDIR/tmp/v1.sql -# We reset concurrent_inserts value to whatever it was at the start of the test -# This line must be executed _after_ all test cases. +--echo # +--echo # Bug#28071 mysqlimport does not quote or escape table name +--echo # + +--disable_warnings +drop table if exists `load`; +--enable_warnings +create table `load` (a varchar(255)); + +--copy_file std_data/words.dat $MYSQLTEST_VARDIR/tmp/load.txt + +--exec $MYSQL_IMPORT --ignore test $MYSQLTEST_VARDIR/tmp/load.txt + +select count(*) from `load`; + +--remove_file $MYSQLTEST_VARDIR/tmp/load.txt + +drop table `load`; + +# We reset concurrent_inserts value to whatever it was at the start of the +# test This line must be executed _after_ all test cases. SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT; |