My MySQL password contains a $, which prevents drush from bootstrapping the Drupal database. Could be a duplicate of #348160: MySQL access denied problem. The $ is translated to %24 in settings.php as per

* Note that the $db_url variable gets parsed using PHP's built-in
* URL parser (i.e. using the "parse_url()" function) so make sure
* not to confuse the parser. If your username, password
* or database name contain characters used to delineate
* $db_url parts, you can escape them via URI hex encodings:
*
* : = %3a / = %2f @ = %40
* + = %2b ( = %28 ) = %29
* ? = %3f = = %3d & = %26
CommentFileSizeAuthor
#11 drush-433652-11.patch1.22 KBkdebaas
#9 url3.patch2.89 KBkdebaas
#6 url.patch1.76 KBkdebaas
#5 drush-HEAD-2009_04_19.patch1.51 KBkhorpyakov

Comments

moshe weitzman’s picture

moshe weitzman commented
Priority: Critical » Minor
moshe weitzman’s picture

moshe weitzman commented
Assigned: Unassigned » adrian
kkaefer’s picture

kkaefer commented

I can confirm that this is happening. Apparently the password is not decoded but used as is.

grahamc’s picture

grahamc
Location Oxford, UK
commented

I was having issues with special characters in my mysql password too.

I don't think it's anything to do with characters being uri encoded though, merely that special shell characters aren't being escaped. Amending _drush_sql_get_credentials() to put the password string through escapeshellarg() did the trick for me.

khorpyakov’s picture

khorpyakov commented
StatusFileSize
new drush-HEAD-2009_04_19.patch1.51 KB
kdebaas’s picture

kdebaas commented
StatusFileSize
new url.patch1.76 KB

Above patch works for me. However, shouldn't the mysql user and database name receive the same treatment, as in attached patch?

moshe weitzman’s picture

moshe weitzman commented
Status: Active » Needs work

Well done ... I think the new postgres section of that function needs the same treatment ... Also, should we use escapeshllarg() elsewhere such is in eval command?

khorpyakov’s picture

khorpyakov commented

yeah and use escapeshellcmd because it escapes not only single and double quotes but all the special characters (including ! in my case).

kdebaas’s picture

kdebaas commented
Title: password containing parse_url() delineating characters triggers MySQL access denied » special shell characters in password aren't being escaped, triggering MySQL access denied
Status: Needs work » Needs review
StatusFileSize
new url3.patch2.89 KB

I corrected an oversight in my previous patch, where I failed to apply the escapeshellcmd to the mysql user, and applied escapeshellcmd to the new postgres section, which needs to be reviewed.

I didn't look at eval, and I don't know if the Drupal 7 part of _drush_bootstrap_drupal_configuration() in environment.inc needs to be urldecoded.

moshe weitzman’s picture

moshe weitzman commented

Why do we url_decode() in one hunk and not in the other? I'd appreciate a review from someone else who is sufferring this problem

kdebaas’s picture

kdebaas commented
StatusFileSize
new drush-433652-11.patch1.22 KB

This new patch is more logical and simpler. To clarify, there are two different bugs, as I understand it:

  • The database credentials are not decoded but used as is.
  • Special shell characters aren't being escaped in _drush_sql_get_credentials()
moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Fixed

Committed. thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.