- Commit pulled changes

added: mysql-test/suite/connect/r/secure_file_priv.result mysql-test/suite/connect/t/secure_file_priv-master.opt mysql-test/suite/connect/t/secure_file_priv.test modified: storage/connect/ha_connect.cc

- Commit pulled changes
added: mysql-test/suite/connect/r/secure_file_priv.result mysql-test/suite/connect/t/secure_file_priv-master.opt mysql-test/suite/connect/t/secure_file_priv.test modified: storage/connect/ha_connect.cc
3389e81d · Olivier Bertrand · 0f5c5a29 · 56b65d33 · 3389e81d · 3389e81d
Commit 3389e81d authored Apr 02, 2013 by Olivier Bertrand
4 changed files
--- a/mysql-test/suite/connect/r/secure_file_priv.result
+++ b/mysql-test/suite/connect/r/secure_file_priv.result
+CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='DATADIR/t1.dbf';
+ERROR HY000: The MariaDB server is running with the --secure-file-priv option so it cannot execute this statement
+CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='SECUREDATADIR/t1.dbf';
+INSERT INTO t1 VALUES (10);
+SELECT * FROM t1;
+a
+10
+DROP TABLE t1;
--- a/mysql-test/suite/connect/t/secure_file_priv-master.opt
+++ b/mysql-test/suite/connect/t/secure_file_priv-master.opt
+--secure_file_priv=$MYSQL_TMP_DIR
--- a/mysql-test/suite/connect/t/secure_file_priv.test
+++ b/mysql-test/suite/connect/t/secure_file_priv.test
+let $DATADIR= `select @@datadir`;
+let $SECUREDIR= `select @@secure_file_priv`;
+
+--replace_result $DATADIR DATADIR
+--error ER_OPTION_PREVENTS_STATEMENT
+--eval CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='$DATADIR/t1.dbf'
+
+--replace_result $SECUREDIR SECUREDATADIR
+--eval CREATE TABLE t1 (a INT NOT NULL) ENGINE=CONNECT TABLE_TYPE=DBF FILE_NAME='$SECUREDIR/t1.dbf'
+INSERT INTO t1 VALUES (10);
+SELECT * FROM t1;
+DROP TABLE t1;
+--remove_file $SECUREDIR/t1.dbf
--- a/storage/connect/ha_connect.cc
+++ b/storage/connect/ha_connect.cc
@@ -2912,8 +2912,17 @@ bool ha_connect::check_privileges(THD *thd, PTOS options)
    case TAB_XML:
    case TAB_INI:
    case TAB_VEC:
-      return options->filename ?
-             check_access(thd, FILE_ACL, NULL, NULL, NULL, 0, 0) : false;
+      if (!options->filename)
+        return false;
+      char path[FN_REFLEN];
+      (void) fn_format(path, options->filename, mysql_real_data_home, "",
+                       MY_RELATIVE_PATH | MY_UNPACK_FILENAME);
+      if (!is_secure_file_path(path))
+      {
+        my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
+        return true;
+      }
+      /* Fall through to check FILE_ACL */

    case TAB_ODBC:
    case TAB_MYSQL: