diff --git commands/sql/sql.drush.inc commands/sql/sql.drush.inc
index d28284e..842d4c1 100644
--- commands/sql/sql.drush.inc
+++ commands/sql/sql.drush.inc
@@ -141,15 +141,14 @@ function drush_sql_conf() {
 /**
  * Command callback. Emits a connect string for mysql or pgsql.
  */
-function _drush_sql_connect($db_spec = NULL) {
+function _drush_sql_connect($db_spec = NULL, $dont_leak = TRUE) {
+  $creds = _drush_sql_get_credentials($db_spec, $dont_leak);
   switch (_drush_sql_get_scheme($db_spec)) {
     case 'mysql':
-      $command = 'mysql ' . (drush_get_context('DRUSH_DEBUG') ? ' -v' : '');
-      $command .= _drush_sql_get_credentials($db_spec);
+      $command = 'mysql ' . (drush_get_context('DRUSH_DEBUG') ? ' -v' : '') . $creds;
       break;
     case 'pgsql':
-      $command = 'psql';
-      $command .= _drush_sql_get_credentials($db_spec);
+      $command = 'psql'.$creds;
       break;
   }
   return $command;
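Review bot: With `DRUSH_DEBUG` set, the mysql case now produces `mysql  -v --defaults-file=…`, and the mysql client expects `--defaults-file` to be the first option on the command line, so debug runs will probably not read the credentials file. Build the command so that `$creds` comes directly after the program name and the `-v` flag is appended after it. Because `$dont_leak` defaults to `TRUE` and the temp file is unlinked at shutdown, any caller that prints this string for another process to run later would hand out a path that no longer exists. Such callers (not visible in this hunk) should pass `FALSE` or be reviewed. The docblock above the function should also gain a `@param $dont_leak` line such as `Write mysql credentials to a temporary option file instead of the command line.` The closing brace of `_drush_sql_connect()` lies outside the hunk.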
@@ -461,19 +460,54 @@ function _drush_sql_get_scheme($db_spec = NULL) {
  * Build a fragment containing credentials and mysql connection parameters.
  *
  * @param $db_spec
+ *   For D5/D6, a $db_url. For D7, a target in the default DB connection.
+ * @param $dont_leak
+ *   If possible, don't leak credentials on the command line. (defaults to TRUE)
+ *
  * @return string
  */
-function _drush_sql_get_credentials($db_spec = NULL) {
+function _drush_sql_get_credentials($db_spec = NULL, $dont_leak = TRUE) {
   if (is_null($db_spec)) {
     $db_spec = _drush_sql_get_db_spec();
   }
 
   switch (_drush_sql_get_scheme($db_spec)) {
     case 'mysql':
-      $cred = ' -h' . $db_spec['host'] .
-         (empty($db_spec['port']) ? '' : ' -P' . $db_spec['port']) .
-         ' -u' . $db_spec['username'] .
-         (empty($db_spec['password']) ? '' : ' -p' . $db_spec['password']) . ' ' . $db_spec['database'];
+
+      if($dont_leak) {
+        $cfgdata = "[client]\nuser = ".$db_spec['username']."\n";
+        $cfgdata = "{$cfgdata}host = ".$db_spec['host']."\n";
+        if(!empty($db_spec['password'])) {
+          $cfgdata = "{$cfgdata}pass = ".$db_spec['password']."\n";
+        }
+        if(!empty($db_spec['port'])) {
+          $cfgdata = "{$cfgdata}port = ".$db_spec['port']."\n";
+        }
+
+        $conf = tempnam(sys_get_temp_dir(),"my.cnf");
+        if(FALSE === file_put_contents($conf, $cfgdata)) {
+          $err = error_get_last();
+          $msg = "Unknown Error";
+          if(is_array($err)) {
+            $msg = $err['message'];
+          }
+
+          drush_log("Error writing MySQL credentials file: $msg", "error");
+        }
+        else {
+          $cred = " --defaults-file=$conf";
+          register_shutdown_function("_drush_sql_tmp_cleanup", $conf);
+        }
+      }
+      else {
+        $cred = ' -h' . $db_spec['host'] .
+          (empty($db_spec['port']) ? '' : ' -P' . $db_spec['port']) .
+          ' -u' . $db_spec['username'] .
+          (empty($db_spec['password']) ? '' : ' -p' . $db_spec['password']);
+      }
+
+
+      $cred .= " ".$db_spec['database'];
       break;
   case 'pgsql':
       $cred = (isset($db_spec['database']) ? ' -d ' . (empty($db_spec['database']) ? 'template1' :  $db_spec['database']) : '') .
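Review bot: When `file_put_contents()` fails, the mysql branch only logs and leaves `$cred` unassigned, so `$cred .= " ".$db_spec['database']` yields a command with no credentials at all, and mysql will presumably fall back to whatever defaults the invoking user has. The failure path should stop the command or report the error to the caller instead of continuing. The result of `tempnam()` is not checked for `FALSE`, and the cleanup is registered only on success. Moving `register_shutdown_function("_drush_sql_tmp_cleanup", $conf);` to directly after a checked `tempnam()` call removes the file on both paths. In the option file, `pass = ` relies on option-name prefix matching and should be spelled `password = `. The values should also be quoted and escaped, since an unquoted `#` in a password starts a comment and a newline in any `$db_spec` field would begin a new option line. The function continues past the end of this hunk.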
@@ -490,6 +524,12 @@ function _drush_sql_get_credentials($db_spec = NULL) {
   return escapeshellcmd($cred);
 }
 
+function _drush_sql_tmp_cleanup($file = NULL) {
+  if(!empty($file) && file_exists($file)) {
+    unlink($file);
+  }
+}
+
 function _drush_sql_get_invalid_url_msg($db_spec = NULL) {
   if (is_null($db_spec)) {
     $db_spec = _drush_sql_get_db_spec();
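Review bot: `_drush_sql_tmp_cleanup()` has no docblock, unlike the functions around it. Add one along the lines of `Shutdown callback: deletes the temporary MySQL option file created by _drush_sql_get_credentials().` The comment should also say that the file holds the database password in plain text and that PHP shutdown functions do not run when the process is killed by a signal, so the file can outlive an interrupted run. The return value of `unlink()` is ignored; a `drush_log()` warning on failure would make a leftover credentials file visible to the operator.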
diff --git commands/sql/sync.sql.inc commands/sql/sync.sql.inc
index 4e3a621..a2866e0 100644
--- commands/sql/sync.sql.inc
+++ commands/sql/sync.sql.inc
@@ -232,7 +232,7 @@ function _drush_sql_sync($source, $destination, $show_warning = TRUE) {
     if (isset($db_superuser)) {
       $create_db_target['username'] = $db_superuser;
     }
-    $db_su_connect = _drush_sql_connect($create_db_target);
+    $db_su_connect = _drush_sql_connect($create_db_target, FALSE);
     switch (_drush_sql_get_scheme($target_db_url)) {
       case 'mysql':
         $pre_import_commands = 'echo "CREATE DATABASE ' . $target_db_url['database'] . '; GRANT ALL PRIVILEGES ON ' . $target_db_url['database'] . '.* TO \'' . $target_db_url['username'] . '\'@\'localhost\' IDENTIFIED BY \'' . $target_db_url['password'] . '\';" | mysql --password=\'' . $target_db_url['password'] . '\'; ';
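Review bot: Both `_drush_sql_connect(..., FALSE)` calls in this file (here and in the "Generate the import command" hunk below) opt out of the new protection with no comment explaining why, so sql-sync still puts the database password in the process arguments. If the reason is that these commands may run on a remote host where the local temp file does not exist, say so next to each call, e.g. `// Credentials file is local-only; the command may run remotely, so pass credentials inline.` The unchanged `mysql --password='…'` in `$pre_import_commands` on the following line exposes the same password and is not addressed by this change.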
@@ -244,7 +244,7 @@ function _drush_sql_sync($source, $destination, $show_warning = TRUE) {
   }
 
   // Generate the import command
-  $import_command = _drush_sql_connect($target_db_url);
+  $import_command = _drush_sql_connect($target_db_url, FALSE);
   switch (_drush_sql_get_scheme($target_db_url)) {
     case 'mysql':
       $import_command .= ' ' . (drush_get_context('DRUSH_DEBUG') ? ' -v' : '--silent');
