From 2191acfd7876c917de0ce3657a01e391bfac5f7b Mon Sep 17 00:00:00 2001
From: Anders Morken <anders.morken@ntnu.no>
Date: Wed, 5 Jul 2006 09:00:52 +0000
Subject: [PATCH] =?UTF-8?q?La=20inn=20ein=20argumentsjekk=20av=20databasen?=
 =?UTF-8?q?amn=20n=C3=A5r=20vi=20lagar=20databaser.=20Det=20er=20masse=20c?=
 =?UTF-8?q?ruft=20i=20databasekatalogen=20til=20mysql.stud=20-=20databasen?=
 =?UTF-8?q?amn=20med=20space,=20newline,=20osv...=20=3D)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mysql-dbadm.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/mysql-dbadm.c b/mysql-dbadm.c
index 5a19fe1..1efe856 100644
--- a/mysql-dbadm.c
+++ b/mysql-dbadm.c
@@ -1,5 +1,5 @@
 /*
- * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.13 2005-06-27 10:13:01 knuta Exp $
+ * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.14 2006-07-05 09:00:52 andersmo Exp $
  *
  * mysql-dbadm.c
  *
@@ -18,6 +18,18 @@
 #include <unistd.h>
 #include "mysql-admutils.h"
 
+/* New database names may only use these characters in their identifier */
+const char dbname_validchars[] =
+	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
+
+/* Returns true if dbname contains only characters in dbname_validchars. */
+int dbname_isclean(char* dbname) {
+	int reallen, cleanlen;
+	reallen = strlen(dbname);
+	cleanlen = strspn(dbname, dbname_validchars);
+	return (reallen == cleanlen);
+}
+
 char *
 strchr_whitespace(const char *s)
 {
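Review bot: `dbname_isclean` returns true for an empty string, because `strlen` and `strspn` both yield 0, so the `c_create` branch can still call `create` with an empty name. The `size_t` results are also stored in `int`, which can truncate on a very long argument. I would write the body as `size_t len = strlen(dbname); return len > 0 && strspn(dbname, dbname_validchars) == len;`, take the parameter as `const char *dbname`, and mark both the table and the function `static`. No upper length bound is checked here either; MySQL limits identifiers to 64 characters, so if no other code visible outside this hunk enforces that, this is the natural place for it. The new code also relies on `<string.h>`, whose include is not visible in this hunk.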
@@ -500,7 +512,13 @@ main(int argc, char *argv[])
 
 	  switch (command) {
 	    case c_create:
-	      create(&mysql, db);
+	      // We only check newly created databases. Many old ("unclean") databases are still in use.
+	      if(dbname_isclean(db)) {
+	        create(&mysql, db);
+	      } else {
+	        dberror(NULL, "Database name '%s' contains invalid characters.\n"
+	                      "Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
+	      }
 	      break;
 	    case c_drop:
 	      drop(&mysql, db);