[vhffs-dev] [1552] rewrote Robots::Mysql, fixed SQL injection possibilities |
Revision: 1552
Author: gradator
Date: 2010-03-07 03:50:04 +0100 (Sun, 07 Mar 2010)
Log Message:
-----------
rewrote Robots::Mysql, fixed SQL injection possibilities
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Robots/Mysql.pm
Modified: trunk/vhffs-api/src/Vhffs/Robots/Mysql.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Robots/Mysql.pm 2010-03-06 00:07:46 UTC (rev 1551)
+++ trunk/vhffs-api/src/Vhffs/Robots/Mysql.pm 2010-03-07 02:50:04 UTC (rev 1552)
@@ -42,116 +42,109 @@
use Vhffs::Constants;
use Vhffs::Functions;
+
+sub mysql_admin_db_connect
+{
+ use DBI;
+ my $vhffs = shift;
+ my $mysqlconfig = $vhffs->get_config->get_service('mysql');
+ my $dbuser = $mysqlconfig->{'username'};
+ my $dbpass = $mysqlconfig->{'password'};
+ my $dbhost = $mysqlconfig->{'host'};
+
+ return DBI->connect( 'DBI:mysql:dbname=mysql;host='.$dbhost , $dbuser , $dbpass );
+}
+
+
sub delete_db
{
my $main = shift;
my $db = shift;
+ return unless defined $db;
+ my $dbi = mysql_admin_db_connect( $main );
+ return unless $dbi;
+
my $query;
-
- if( defined $db )
- {
- $db->add_history( "Ok, robots takes the destruction of this database" );
- my $dbi = mysql_admin_db_connect( $main );
- if( $dbi != 1 )
- {
-# $query = "REVOKE ALL PRIVILEGES ON `".$db->get_dbname."` . * FROM \"".$db->get_dbname."\"";
+ $db->add_history( 'Ok, robots takes the destruction of this database' );
- $query = "DELETE FROM `user` WHERE User = '".$db->get_dbname."'";
- $dbi->do( $query ) or $db->add_history("Error while grant access to the database");
+ $query = 'DELETE FROM `user` WHERE User = \''.$db->get_dbname.'\'';
+ $dbi->do( $query ) or $db->add_history('Error while grant access to the database');
- $query = "DELETE FROM `db` WHERE User = '".$db->get_dbname."'";
- $dbi->do( $query ) or $db->add_history("Error while grant access to the database");
+ $query = 'DELETE FROM `db` WHERE User = \''.$db->get_dbname.'\'';
+ $dbi->do( $query ) or $db->add_history('Error while grant access to the database');
- $query = "DELETE FROM `tables_priv` WHERE User = '".$db->get_dbname."'";
- $dbi->do( $query ) or $db->add_history("Error while grant access to the database");
+ $query = 'DELETE FROM `tables_priv` WHERE User = \''.$db->get_dbname.'\'';
+ $dbi->do( $query ) or $db->add_history('Error while grant access to the database');
- $query = "DELETE FROM `columns_priv` WHERE User = '".$db->get_dbname."'";
- $dbi->do( $query ) or $db->add_history("Error while grant access to the database");
+ $query = 'DELETE FROM `columns_priv` WHERE User = \''.$db->get_dbname.'\'';
+ $dbi->do( $query ) or $db->add_history('Error while grant access to the database');
- $query = "DROP DATABASE `".$db->get_dbname."`";
- $dbi->do( $query ) or $db->add_history("Error while creating the database");
+ $query = 'DROP DATABASE `'.$db->get_dbname.'`';
+ $dbi->do( $query ) or $db->add_history('Error while deleting the database');
- $dbi->do( "FLUSH PRIVILEGES" );
- $dbi->disconnect;
- }
- $db->add_history( "Robots finished the destruction" );
- $db->delete;
- }
+ $dbi->do( 'FLUSH PRIVILEGES' );
+ $dbi->disconnect;
+
+ $db->add_history( 'Robots finished the destruction' );
+ $db->delete;
}
sub create_db
{
- my $main = shift;
- my $db = shift;
+ my $main = shift;
+ my $db = shift;
+ return unless defined $db;
- my $query;
-
- if( defined $db )
- {
- $db->add_history( "Ok, robots takes the creation of this database" );
- my $dbi = mysql_admin_db_connect( $main );
- if( $dbi != 1 )
- {
- # create the database
- $query = "CREATE DATABASE `".$db->get_dbname."`";
- $dbi->do( $query ) or $db->add_history("Error while creating the database");
+ my $dbi = mysql_admin_db_connect( $main );
+ return unless $dbi;
- # grant privileges to user
-# $query = "GRANT ALL PRIVILEGES ON `".$db->get_dbname."`.* TO `".$db->get_dbname."`@% IDENTIFIED BY '".$db->get_dbpassword."'";
- $query = "GRANT ALL ON ".$db->get_dbname.".* TO `".$db->get_dbname."` IDENTIFIED BY '".$db->get_dbpassword."'";
- $dbi->do( $query ) or $db->add_history( "An error occured while granting privileges to an admin user" );
+ my $query;
+ $db->add_history( 'Ok, robots takes the creation of this database' );
- $dbi->do( "FLUSH PRIVILEGES" );
- $dbi->disconnect;
- }
- $db->add_history( "Robots finished the creation" );
- $db->set_status( Vhffs::Constants::ACTIVATED );
- $db->commit;
- $db->blank_password;
- }
-}
+ # create the database
+ $query = 'CREATE DATABASE `'.$db->get_dbname.'`';
+ $dbi->do( $query ) or $db->add_history('Error while creating the database');
+ # grant privileges to user
+ $query = 'GRANT ALL ON '.$db->get_dbname.'.* TO '.$db->get_dbname.' IDENTIFIED BY ?';
+ $dbi->do( $query, undef, $db->get_dbpassword ) or $db->add_history( 'An error occured while granting privileges to an admin user' );
+ $dbi->do( 'FLUSH PRIVILEGES' );
+ $dbi->disconnect;
-sub mysql_admin_db_connect
-{
- use DBI;
- my $vhffs = shift;
- my $mysqlconfig = $vhffs->get_config->get_service('mysql');
- my $dbuser = $mysqlconfig->{'username'};
- my $dbpass = $mysqlconfig->{'password'};
- my $dbhost = $mysqlconfig->{'host'};
-
- return DBI->connect( "DBI:mysql:dbname=mysql;host=$dbhost",$dbuser,$dbpass ) or -1;
+ $db->add_history( 'Robots finished the creation' );
+ $db->set_status( Vhffs::Constants::ACTIVATED );
+ $db->commit;
+ $db->blank_password;
}
+
+
sub update_db
{
- my $main = shift;
- my $db = shift;
+ my $main = shift;
+ my $db = shift;
+ return unless defined $db;
- my $query;
+ my $dbi = mysql_admin_db_connect( $main );
+ return unless $dbi;
- if( defined $db )
- {
- $db->add_history( "Ok, will change password for this database" );
- my $dbi = mysql_admin_db_connect( $main );
- if( $dbi != 1 )
- {
- $query = 'UPDATE user SET PASSWORD=PASSWORD(?) WHERE user = ?';
- $dbi->do( $query, undef, $db->get_dbpassword, $db->get_dbname) or $db->add_history("Error while grant access to the database");
+ my $query;
+ $db->add_history( 'Ok, will change password for this database' );
- $dbi->do( 'FLUSH PRIVILEGES' );
- $dbi->disconnect;
- }
- $db->add_history( "Robots changed the password for this database" );
- $db->set_status( Vhffs::Constants::ACTIVATED );
- $db->commit;
- $db->blank_password;
- }
+ $query = 'UPDATE user SET PASSWORD=PASSWORD(?) WHERE user = ?';
+ $dbi->do( $query, undef, $db->get_dbpassword, $db->get_dbname) or $db->add_history('Error while grant access to the database');
+
+ $dbi->do( 'FLUSH PRIVILEGES' );
+ $dbi->disconnect;
+
+ $db->add_history( 'Robots changed the password for this database' );
+ $db->set_status( Vhffs::Constants::ACTIVATED );
+ $db->commit;
+ $db->blank_password;
}
1;
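Review bot: The injection fix in this commit covers only the password bound as a placeholder in create_db's GRANT; the four DELETE statements in delete_db still splice `$db->get_dbname` into the SQL between single quotes, and the CREATE, DROP and GRANT statements concatenate it as an identifier, so correctness still rests on whatever validation of the database name happens outside this file. The `User` column is a value, so the DELETEs can take a bound `?` like the UPDATE in update_db already does; identifiers cannot be bound, so CREATE/DROP/GRANT should go through `$dbi->quote_identifier( $db->get_dbname )`. The GRANT in create_db also lost the backticks around the `TO` name that the old line had, which is a regression for names MySQL requires quoting. A side point: the DELETE failure messages still read `'Error while grant access to the database'`, which looks copied from the grant path and will mislead whoever reads the history.
```perl
    my $dbname = $db->get_dbname;
    # … unchanged: add_history( 'Ok, robots takes the destruction of this database' ) …
    for my $table ( qw(user db tables_priv columns_priv) ) {
        $dbi->do( 'DELETE FROM `'.$table.'` WHERE User = ?', undef, $dbname )
            or $db->add_history('Error while grant access to the database');
    }
    $dbi->do( 'DROP DATABASE '.$dbi->quote_identifier( $dbname ) )
        or $db->add_history('Error while deleting the database');
    # … unchanged: FLUSH PRIVILEGES, disconnect, final history entry, $db->delete …
```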