From 5e24e1311ecdf32df1c7c545b7e1c642e735c305 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Sun, 11 Jan 2015 03:17:00 +0000
Subject: [PATCH] Issue #130 Ensure that all the commands executed in Monitor interface are read only Create a small lists of not allowed commands: - PRAGMA - ATTACH In case such commands are executed, they are logged in error log as warnings
---
 lib/Standard_ProxySQL_Admin.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/lib/Standard_ProxySQL_Admin.cpp b/lib/Standard_ProxySQL_Admin.cpp
index 815e45eb3..c09cd3b3f 100644
--- a/lib/Standard_ProxySQL_Admin.cpp
+++ b/lib/Standard_ProxySQL_Admin.cpp
@@ -775,13 +775,27 @@ void admin_session_handler(MySQL_Session *sess, ProxySQL_Admin *pa, PtrSize_t *p
 goto __run_query;
 }
 
+ if (sess->monitor==true) {
+ if (
+ (strncasecmp("PRAGMA",query_no_space,6)==0)
+ ||
+ (strncasecmp("ATTACH",query_no_space,6)==0)
+ ) {
+ proxy_error("[WARNING]: Commands executed from Monitor interface in Admin Module: \"%s\"\n", query_no_space);
+ SPA->send_MySQL_ERR(&sess->myprot_client, (char *)"Command not allowed");
+ run_query=false;
+ }
+ }
+
 __run_query:
 if (run_query) {
 Standard_ProxySQL_Admin *SPA=(Standard_ProxySQL_Admin *)pa;
 if (sess->monitor==false) {
 SPA->admindb->execute_statement(query, &error , &cols , &affected_rows , &resultset);
 } else {
+ SPA->monitordb->execute("PRAGMA query_only = ON");
 SPA->monitordb->execute_statement(query, &error , &cols , &affected_rows , &resultset);
+ SPA->monitordb->execute("PRAGMA query_only = OFF");
 }
 SPA->SQLite3_to_MySQL(resultset, error, affected_rows, &sess->myprot_client);
 }
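Review bot: The read-only guarantee for monitor sessions rests on a first-six-characters match against `query_no_space` and on a `PRAGMA query_only = ON` call whose result is never checked, so if that call fails the statement still runs on `monitordb` with writes enabled. Fail closed around the `execute_statement` call, for example `if (!SPA->monitordb->execute("PRAGMA query_only = ON")) { /* send "Command not allowed" and skip the statement */ }`, assuming `execute` reports failure through its return value, which this hunk does not show. Because the prefix test only recognises the keyword at the very start of the text, treat it as logging rather than enforcement, and consider an SQLite authorizer callback (`sqlite3_set_authorizer`) or leaving `query_only` permanently ON for the monitor handle instead of switching it OFF after every statement. Separately, `SPA` is used in the new block, but the only declaration visible in the hunk sits inside `if (run_query)` further down, so confirm it is in scope at that point; the function starts and ends outside the hunk.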