BUG 1: mysql.pid file not cleaned up after process dies
- Location: cleanup_on_exit() function
- Impact: Stale PID files accumulate in TEMP_DATADIR over repeated runs
- Fix: Added rm -f of mysql.pid in cleanup_on_exit()
- Result: PID files now properly cleaned up on exit
BUG 2: mysql.err.old error log backups accumulate
- Location: cleanup_on_exit() function
- Impact: Error log backups accumulate over time, wasting disk space
- Fix: Added rm -f of mysql.err.old in cleanup_on_exit()
- Result: Error log backups no longer pile up
BUG 3: mysqldump errors silently ignored with 2>/dev/null
- Location: dump_database() function, line 1292
- Impact: If mysqldump fails, user sees no error message
- Problem: stderr redirected to /dev/null, errors lost
- Fix: Capture stderr to temp file, show errors if mysqldump fails
- Result: Users now see mysqldump errors with details
- Improvement: Clear error message with exit code + error details
Testing these fixes:
1. Run script multiple times - no mysql.pid accumulation
2. Check TEMP_DATADIR - no mysql.err.old files after cleanup
3. Force mysqldump failure (e.g., invalid socket) - see error message
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Improvements:
1. Enhanced root permission check (Lines 24-37)
- Clear error message explaining why root is required
- Lists all permission-required operations:
- Read access to /var/lib/mysql
- Create directories in /home
- Change file ownership
- Start mysqld daemon
- Access system config files
- Provides sudo command suggestion
2. MySQL data directory read permission check (Lines 189-231)
- Validates read access to detected MySQL directory
- Checks after each detection method (running MySQL, config, default)
- Provides helpful error message if permission denied
- Suggests running with sudo
3. Clear error messaging throughout
- Users now understand WHY permission is denied
- Actionable guidance (use sudo)
- Consistent error format
Impact:
- Prevents confusing silent failures deep in workflow
- Users immediately know if they need to use sudo
- Better debugging experience
- Professional error handling
Before: User runs script, goes through 3 steps, then fails with:
"Permission denied" with no context
After: User immediately sees:
"PERMISSION DENIED: This script must be run as root"
Lists exact reasons why
Suggests: "sudo ./script.sh"
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
New Function: check_dependencies()
- Verifies all 4 critical binaries exist before proceeding
- Binaries checked: mysqld, mysql, mysqldump, mysqladmin
- Clear error messages with installation instructions per OS
- Called early in main() before any interactive prompts
Impact:
- Prevents silent failures deep in the workflow
- Saves user time by failing fast with clear error messages
- Provides helpful package installation instructions
- Supports CentOS/RHEL, Debian/Ubuntu, AlmaLinux
- Runs once at startup (not repeatedly)
Before: User could go through all 5 steps only to fail when
mysqldump or mysqladmin was actually needed
After: Dependencies validated immediately, clear error if missing
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Documentation Coverage:
- Total functions: 20
- Previously documented: 13
- Now documented: 20 (100% coverage)
Added Function Descriptions:
- show_intro: Script overview banner
- step1_detect_datadir: Auto-detect/prompt for MySQL directory
- step2_set_restore_location: Configure temporary restore directory
- step3_select_database: Database selection from restored data
- step4_configure_options: InnoDB recovery and ticket options
- step5_create_dump: SQL dump creation and validation
- main: Orchestrate the 5-step workflow
Each function now includes:
- Clear one-line purpose statement
- Parameter descriptions where applicable
- Key variables set or used
- Main workflow steps
Impact: Significantly improves code maintainability and makes it easier
for new developers to understand the script structure and workflow.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Custom MySQL Data Directory Validation (Line 1313-1335):
- Validates custom path to prevent directory traversal attacks
- Rejects paths containing '../' sequences
- Resolves to absolute path using cd/pwd to prevent symlink attacks
- Prevents confusion and security issues with relative paths
- Example blocked: '../../../etc'
Ticket Number Validation (Line 1641-1650):
- Validates ticket numbers contain only safe alphanumeric characters
- Prevents filename/command injection via ticket number
- Allows only: [a-zA-Z0-9_-]
- Invalid characters result in skipping the ticket number
- Prevents log file corruption or path issues
Database Name Validation (Line 1622-1632):
- Manually entered database names checked for path traversal
- Rejects names containing '/' or '..'
- Prevents directory traversal when constructing database paths
- Array-selected databases already safe (from discovered databases)
- Example blocked: '../../evil_dir'
Impact: Hardens all major user input points against traversal attacks,
filename injection, and command injection. Script is now security-hardened.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Path Traversal Protection (Lines 1374-1405):
- Validates custom path input to prevent directory traversal attacks
- Rejects paths containing '../' sequences
- Prevents use of live MySQL directory (/var/lib/mysql)
- Resolves paths using realpath logic to get canonical absolute path
- Validates parent directory exists before accepting custom path
- Example blocked: '../../../etc/passwd' or '/var/lib/mysql'
Write Permission Validation (Lines 1435-1442):
- Checks that TEMP_DATADIR is writable before use
- Prevents silent failures when attempting to restore data
- Shows clear error message if directory lacks write permissions
- Critical for user experience - catches permission issues early
Impact: Prevents path traversal attacks, local privilege escalation risks,
and data loss from permission errors. Script is more defensive and robust.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
CRITICAL FIX - SQL Injection Vulnerability (Lines 1143, 1154, 1191, 1198):
- Database names were previously unescaped in SQL WHERE clauses
- Attacker could inject SQL via database name parameter
- Example exploit: 'mydb' OR '1'='1' would return all databases
- Fixed: Wrapped $dbname identifier with backticks in all SQL queries
- Backticks are the proper MySQL syntax for quoting identifiers
HIGH FIX - Recovery Mode Input Validation (Lines 1619-1641):
- User input for recovery mode (0-6) was not validated
- Could accept invalid values like "abc", "999", "-1"
- These would cause MySQL startup to fail with confusing errors
- Fixed: Added numeric range validation [[ recovery_mode -ge 0 && -le 6 ]]
- Invalid input now shows clear error message
Impact: Eliminates both information disclosure (SQL injection) and DoS risks
from invalid recovery mode values. Script is now significantly more robust.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
1. Remove dead code: Broken socket safety check (line 882)
- The condition [ "\$datadir/socket.mysql" = "/var/lib/mysql/mysql.sock" ]
would never be true and is redundant (real check exists at line 864)
- Removed 4 lines of dead code
2. Simplify confirmation logic (line 1660)
- Was: if [ "\$confirm" = "0" ] || [ "\$confirm" != "y" ]
- Now: if [ "\$confirm" != "y" ]
- More readable and clearer intent (only "y" proceeds)
3. Quote unquoted variable in kill command (line 1000)
- Was: kill -0 \$pid
- Now: kill -0 "\$pid"
- Prevents word splitting if PID contains spaces
4. Clarify script flow (line 740-742)
- Added comment explaining why script exits after show_recovery_options()
- Helps users understand they must re-run script with new recovery level
- Prevents confusion about script termination
This is intentional design: show recovery options, user manually selects
level, user re-runs script. This prevents blind escalation through recovery
levels without explicit user approval at each step (safety consideration).
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
MAJOR FIX: The error detection function was calculating the correct
recovery level, but the show_recovery_options() function was NOT using
the results - it was still using the old level-based progression logic.
Changes:
1. Missing files section (lines 435-445):
- Now calls detect_recovery_level_from_errors()
- Displays "Error analysis recommends: Force Recovery Level X"
- Shows the recommended level to user prominently
2. Redo log incompatibility section (lines 568-615):
- Now calls detect_recovery_level_from_errors()
- Shows "Error analysis recommends: Force Recovery Level X"
- Correctly uses Level 5 (not hardcoded Level 6)
- Explains consequences of that level
3. Corruption section (lines 599-675):
- Now uses recommended_level to determine what to display
- Shows "Try Force Recovery Level X" based on detection
- Only shows escalation levels up to recommended_level
- Marks the detected level with "RECOMMENDED" indicator
Impact:
- Error detection now drives the actual user-facing recommendations
- Recovery level selection is now truly intelligent, not just level progression
- User gets the right recommendation based on error TYPE, not guesswork
- Escalation happens only if user retries at the same level
All 3 error paths now properly use error-based detection results.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Apply proper shutdown validation to pre-startup cleanup (line 881-899)
If a stale socket exists, wait for it to be removed instead of just
sleeping 2 seconds. Uses same pattern as stop_second_instance().
- Apply proper shutdown validation to error path (line 937-960)
When InnoDB errors are detected, use validated shutdown with socket
removal verification instead of fire-and-forget mysqladmin call.
- All 4 shutdown paths now consistently:
1. Send graceful shutdown
2. Wait for socket file to disappear
3. Clean up stale socket/lock files
4. Verify process termination
This ensures no stale processes/sockets remain that could cause crashes
on subsequent script runs.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Fix recovery level selection logic: Now uses error-type-based detection instead of
level-based progression. Added detect_recovery_level_from_errors() function that
maps specific error patterns to appropriate recovery levels (missing files → Level 1,
redo incompatibility → Level 5, corruption → Levels 1/4/6 with escalation, etc.)
- Fix shutdown/reset crashes: Improved stop_second_instance() and cleanup_on_exit()
trap handlers with proper validation. Now verifies socket removal and process
termination before marking instance as stopped. Implements graceful shutdown with
force-kill fallback if needed. Prevents stale sockets/locks that cause crashes
on subsequent runs.
- Fix while loop condition: Removed buggy [ -n "$count" ] check that was always true.
Loop now correctly terminates based on numeric condition [ "$count" -lt 30 ].
- Integrate error-based recovery recommendations: Modified show_recovery_options()
to call detect_recovery_level_from_errors() early and display both error type
and recommended recovery level to user. Provides intelligent, error-specific
guidance instead of generic level progression.
All changes validated:
✓ Syntax check: bash -n passing
✓ QA scan: No new HIGH issues introduced (2 MEDIUM, 1 LOW are pre-existing)
✓ Script still handles all recovery scenarios
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Added proper null/empty checks and variable quoting in 3 files:
1. wordpress-cron-manager.sh (2 issues):
- Added validation for $site_path before use
- Quoted variable in cron command to prevent word splitting
- Lines 446-449: Check if path is empty or invalid before processing
2. malware-scanner.sh (1 issue):
- Added safety check for $SCAN_DIR before suggesting rm -rf command
- Prevents dangerous rm operations if variable is empty or root
- Line 1583-1585: Guard against accidental deletions
3. mysql-restore-to-sql.sh (2 issues):
- Quoted $datadir in echo statements showing manual commands
- Lines 426, 441, 444, 447: Proper quoting in examples
Impact: Prevents potential issues from empty/undefined variables
Automatically detects when missing tablespace errors are unrelated to the
selected database and recommends Force Recovery Level 1.
Changes:
- Added selected_database parameter to show_recovery_options()
- Detects if missing files are from selected DB vs other DBs
- Shows clear recommendation when missing files are ONLY from other databases
- Explains that Force Recovery Level 1 is safe and correct for selective restore
- Prevents user confusion when restoring single DB from full backup
Use case:
When user restores ibdata1 + single database (e.g., amea_wp) from a full backup,
ibdata1 contains metadata for all databases. Script now detects this and says:
'SMART DETECTION: Missing files are from OTHER databases, not amea_wp'
'Your selected database amea_wp appears to have all files!'
'RECOMMENDED ACTION: Use Force Recovery Level 1'
This eliminates confusion and guides users to the correct solution.
The intelligent recovery system wasn't detecting missing .ibd files because
MariaDB/MySQL error format uses 'was not found at' instead of 'missing'.
Changes:
- Added 'was not found at' pattern to grep searches (3 locations)
- Enhanced tablespace extraction to parse './db/table.ibd' format
- Extracts database/table from error: 'Tablespace N was not found at ./db/table.ibd'
- Falls back to quoted tablespace name extraction if new pattern doesn't match
Now when script detects missing .ibd files it will:
- Show DIAGNOSIS: Missing or unopenable tablespace files
- List exact missing tables with database names
- Provide copy-paste ready cp commands
- Show all recovery options instead of generic troubleshooting
- Removed control panel path documentation from script header
(system-detect.sh already documents and shows this when it runs)
- Changed detect_control_panel from silent (>/dev/null) to visible output
so users see what control panel was detected and which paths will be used
- Added comment explaining SYS_USER_HOME_BASE usage
Added comprehensive documentation to script header:
- Lists all 4 control panel paths (cPanel, Plesk, InterWorx, standalone)
- References source: lib/system-detect.sh -> SYS_USER_HOME_BASE
- Documents InterWorx special case (/chroot/home vs /home symlink)
- Shows restore directory and SQL output directory formats
- Makes it clear where paths come from for maintenance
Changes to modules/backup/mysql-restore-to-sql.sh:
Multi-Control Panel Support:
- Source system-detect.sh to detect control panel
- Use SYS_USER_HOME_BASE for restore directory paths
- cPanel/InterWorx/Standalone: /home
- Plesk: /var/www/vhosts
- Fixes issue where InterWorx/Plesk don't have /home directories
SQL Output Location Fix:
- Changed output from current working directory to restore directory
- SQL files now saved to parent of TEMP_DATADIR
Example: /home/temp/restore20251210/ (not /root/)
- Prevents cluttering control panel system directories
- Added print_info showing exact save location before dump
Safety Enhancements:
- Added check_disk_space() function (validates 2x required space)
- Added warn_force_recovery() function (levels 5-6 require risk acknowledgment)
- Integrated disk space check before dump creation
- Integrated force recovery warnings in step4_configure_options()
- Added cleanup trap handler for Ctrl+C/interruption
- Critical safety check prevents using /var/lib/mysql as restore dir
Changes to REFDB_FORMAT.txt:
- Documented multi-control panel support
- Added control_panel_paths section with all 4 panel paths
- Updated output location documentation
- Added safety features documentation
- Updated features list
QA Status: ✅ PASSED
- 0 CRITICAL issues
- 0 HIGH issues
- Syntax validated
- All safety checks functional
cschantz