diff --git commands/sql/sql.drush.inc commands/sql/sql.drush.inc
index d28284e..c333486 100644
--- commands/sql/sql.drush.inc
+++ commands/sql/sql.drush.inc
@@ -461,19 +461,53 @@ function _drush_sql_get_scheme($db_spec = NULL) {
  * Build a fragment containing credentials and mysql connection parameters.
  *
  * @param $db_spec
+ *   For D5/D6, a $db_url. For D7, a target in the default DB connection.
+ * @param $dont_leak
+ *   If possible, don't leak credentials on the command line. (defaults to TRUE)
  * @return string
  */
-function _drush_sql_get_credentials($db_spec = NULL) {
+function _drush_sql_get_credentials($db_spec = NULL, $dont_leak = TRUE) {
   if (is_null($db_spec)) {
     $db_spec = _drush_sql_get_db_spec();
   }
 
   switch (_drush_sql_get_scheme($db_spec)) {
     case 'mysql':
-      $cred = ' -h' . $db_spec['host'] .
-         (empty($db_spec['port']) ? '' : ' -P' . $db_spec['port']) .
-         ' -u' . $db_spec['username'] .
-         (empty($db_spec['password']) ? '' : ' -p' . $db_spec['password']) . ' ' . $db_spec['database'];
+
+      if($dont_leak) {
+        $cfgdata = "[client]\nuser = ".$db_spec['username']."\n";
+        $cfgdata = "{$cfgdata}host = ".$db_spec['host']."\n";
+        if(!empty($db_spec['password'])) {
+          $cfgdata = "{$cfgdata}pass = ".$db_spec['password']."\n";
+        }
+        if(!empty($db_spec['port'])) {
+          $cfgdata = "{$cfgdata}port = ".$db_spec['port']."\n";
+        }
+
+        $conf = tempnam(sys_get_temp_dir(),"my.cnf");
+        if(FALSE === file_put_contents($conf, $cfgdata)) {
+          $err = error_get_last();
+          $msg = "Unknown Error";
+          if(is_array($err)) {
+            $msg = $err['message'];
+          }
+
+          drush_log("Error writing MySQL credentials file: $msg", "error");
+        }
+        else {
+          $cred = " --defaults-file=$conf";
+          register_shutdown_function("_drush_sql_tmp_cleanup", $conf);
+        }
+      }
+      else {
+        $cred = ' -h' . $db_spec['host'] .
+          (empty($db_spec['port']) ? '' : ' -P' . $db_spec['port']) .
+          ' -u' . $db_spec['username'] .
+          (empty($db_spec['password']) ? '' : ' -p' . $db_spec['password']);
+      }
+
+
+      $cred .= " ".$db_spec['database'];
       break;
   case 'pgsql':
       $cred = (isset($db_spec['database']) ? ' -d ' . (empty($db_spec['database']) ? 'template1' :  $db_spec['database']) : '') .
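Review bot: When `tempnam()` or `file_put_contents()` fails in the `$dont_leak` branch, `$cred` is never assigned, so the later `$cred .= " ".$db_spec['database']` appends to an undefined variable and the command is built with no credentials; the file `tempnam()` already created is also left behind. The credentials key is written as `pass`, which is not the documented option name (`password`) and depends on the client accepting option-name prefixes. Values go into the file unquoted, so a password containing `#` would be cut at the comment marker and a newline in any value would start a new option line; quoting or rejecting such values is worth adding. The fence below initialises `$cred`, checks the `tempnam()` result, removes the leftover file on failure and spells the key out; the enclosing `switch` continues outside the hunk.

```php
    case 'mysql':
      $cred = '';
      if($dont_leak) {
        // … unchanged: [client] header, user and host lines …
        if(!empty($db_spec['password'])) {
          $cfgdata = "{$cfgdata}password = ".$db_spec['password']."\n";
        }
        // … unchanged: port line …

        $conf = tempnam(sys_get_temp_dir(),"my.cnf");
        if(FALSE === $conf || FALSE === file_put_contents($conf, $cfgdata)) {
          // … unchanged: build $msg from error_get_last() and drush_log() it …
          if(FALSE !== $conf) {
            // Do not leave a partially written credentials file in the temp dir.
            _drush_sql_tmp_cleanup($conf);
          }
        }
        // … unchanged: else branch setting --defaults-file and registering cleanup …
```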
@@ -490,6 +524,12 @@ function _drush_sql_get_credentials($db_spec = NULL) {
   return escapeshellcmd($cred);
 }
 
+function _drush_sql_tmp_cleanup($file = NULL) {
+  if(!empty($file) && file_exists($file)) {
+    unlink($file);
+  }
+}
+
 function _drush_sql_get_invalid_url_msg($db_spec = NULL) {
   if (is_null($db_spec)) {
     $db_spec = _drush_sql_get_db_spec();
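Review bot: `_drush_sql_tmp_cleanup()` is added without a docblock, although it is the only code that removes the plaintext credentials file written by `_drush_sql_get_credentials()`. A short header such as `Shutdown callback: delete the temporary MySQL option file holding DB credentials.` with a `@param $file` line giving the path returned by `tempnam()` would make that responsibility visible. The comment should also record that shutdown functions do not run if the PHP process is killed by a signal, so the file can outlive the run in that case. The return value of `unlink()` is ignored, so a failed delete is silent; logging it with `drush_log()` would help an operator notice a leftover file.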
