Fix mysql password #3235
Open
Fix mysql password #3235
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eldering
force-pushed
the
fix-mysql-password
branch
from
6d04e54 to
02540df
Compare
eldering
force-pushed
the
fix-mysql-password
branch
23 times, most recently
from
224970f to
9ca1d55
Compare
The domjudge mysql user should be created by our setup scripts, so that we test these and need to set the password only in one place. Rename mysql_root to mysql_log helper to clarify behaviour.
See for reference: - https://dev.mysql.com/doc/refman/8.0/en/connecting-using-uri-or-key-value-pairs.html#connecting-using-uri - https://symfony.com/doc/current/doctrine.html but note that we must use `rawurlencode` instead of `urlencode` which differ in how they encode a space (as tested). Fixes: #2651 Closes: #2502 as this is likely fixed but I couldn't reproduce it
Use URL encoding in DATABASE_URL and return mysql_options as an array (via ugly global variable), so each element in it can be separately added to the command line using `@` for expansion. Because of changing the script to bash, also reverts some of the changes in 483200a. The changed escaping of `DoctrineMigrations\\Version` passed to mysql is purely due to changing from `/bin/sh` to `/bin/bash`. Somehow passing that to the `mysql` wrapper function, it got unescaped before, even though `/bin/sh` is just a symlink to bash...
We don't care where the user is connecting from, and this helps when the MySQL server is not running on localhost.
This is consistent with all the other functions.
eldering
force-pushed
the
fix-mysql-password
branch
3 times, most recently
from
9a31f6b to
60d7773
Compare
eldering
force-pushed
the
fix-mysql-password
branch
from
60d7773 to
fa5654a
Compare
nickygerritsen
approved these changes
Nov 30, 2025
meisterT
reviewed
Dec 1, 2025
Member
meisterT
left a comment
meisterT
left a comment
There was a problem hiding this comment.
generally LGTM, please have a look at my replacement suggestion for escaping
| { | ||
| # We need to escape for PHP ' and \ by prefixing them with a \. | ||
| local str="${1//\\/\\\\}" | ||
| str="${str//\'/\\\'}" |
Member
There was a problem hiding this comment.
The whole escaping here looks error prone (and is still not correct).
What about using this trick instead which doesn't require escaping:
printf '%s' "$1" | php -r 'echo rawurlencode(file_get_contents("php://stdin"));'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The password is passed inside the environment variable DATABASE_URL which is URI-like. However, it must be URL encoded there if it contains any strange characters, like a space, %, etc.
This also overhauls the CI job code to unify setting the mysql and admin password in one place and use our tooling instead of custom SQL queries where possible.
Recreate of #2660