• Georgi Kodinov's avatar
    Bug #11764517: 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV · 59d75160
    Georgi Kodinov authored
      USING '..' ON WINDOWS
    
    Backport of the fix to 5.0 (to be null-merged to 5.1).
    Moved the test into the main test suite. 
    Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks
    are now properly recognized by secure_file_priv.
    Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE 
    that are checked against secure_file_priv in a correct way similarly to 5.1 
    by the extended is_secure_file_path() backport before the comparison.
    Added an extensive test with all the variants of upper/lower case, 
    slash/backslash and case sensitivity.
    Added few comments to the code.
    59d75160
sql_class.cc 66 KB