02b7b36f58
CRITICAL FIX - SQL Injection Vulnerability (Lines 1143, 1154, 1191, 1198):
- Database names were previously unescaped in SQL WHERE clauses
- Attacker could inject SQL via database name parameter
- Example exploit: 'mydb' OR '1'='1' would return all databases
- Fixed: Wrapped $dbname identifier with backticks in all SQL queries
- Backticks are the proper MySQL syntax for quoting identifiers

HIGH FIX - Recovery Mode Input Validation (Lines 1619-1641):
- User input for recovery mode (0-6) was not validated
- Could accept invalid values like "abc", "999", "-1"
- These would cause MySQL startup to fail with confusing errors
- Fixed: Added numeric range validation [[ recovery_mode -ge 0 && -le 6 ]]
- Invalid input now shows clear error message

Impact: Eliminates both information disclosure (SQL injection) and DoS risks from invalid recovery mode values. Script is now significantly more robust.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
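The two defensive measures the commit describes, as an added shell illustration that is not the script's own code: identifier quoting that also doubles any embedded backtick, an allow-list check on the database name in front of it, and integer range validation for the recovery mode. It assumes the recovery mode maps to mysqld's innodb_force_recovery option; all function names and sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example, not the script from the commit. Function names, the
# allow-list pattern and the sample inputs are assumptions.

# Allow-list the database name before it goes anywhere near SQL. This is
# stricter than what MySQL permits in an identifier (an assumption here).
valid_dbname() {
    [[ "$1" =~ ^[A-Za-z0-9_]{1,64}$ ]]
}

# Quote a MySQL identifier with backticks. A backtick inside the name is
# doubled so it cannot terminate the quoted identifier early.
quote_ident() {
    local name="$1"
    printf '`%s`' "${name//\`/\`\`}"
}

# Build a statement that uses the name as an identifier; names failing the
# allow-list are refused rather than relying on quoting alone.
build_show_tables() {
    local dbname="$1"
    if ! valid_dbname "$dbname"; then
        echo "invalid database name: $dbname" >&2
        return 1
    fi
    printf 'SHOW TABLES FROM %s;' "$(quote_ident "$dbname")"
}

# Recovery mode must be a base-10 integer in 0..6. "abc", "999", "-1" and
# "" are all rejected before mysqld is started.
valid_recovery_mode() {
    local mode="$1"
    [[ "$mode" =~ ^[0-9]+$ ]] && (( 10#$mode <= 6 ))
}

# Turn a validated mode into the mysqld option (assumed to be the option
# the script controls), or fail with a clear message.
recovery_option() {
    local mode="$1"
    if ! valid_recovery_mode "$mode"; then
        echo "recovery mode must be an integer between 0 and 6, got '$mode'" >&2
        return 1
    fi
    printf '%s=%d' --innodb-force-recovery "$((10#$mode))"
}
```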