From 01574baa5571dd99ccf12feadbed0bb1be60f1b9 Mon Sep 17 00:00:00 2001
From: Sebastian Mendel <cybot_tm@users.sourceforge.net>
Date: Fri, 9 Nov 2007 07:41:47 +0000
Subject: [PATCH] fixed possible SQL injection using database name

---
 ChangeLog             | 3 +++
 server_privileges.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 154704b60..e9c3d19c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
+2.11.2.1 (not yet released)
+- fixed possible SQL injection using database name
+
 2.11.2.0 (2007-10-27)
 - patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard
 + [lang] Serbian update, thanks to Mihailo Stefanovic 
diff --git a/server_privileges.php b/server_privileges.php
index 40513e2d9..d4906bec7 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -2032,7 +2032,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
             .   PMA_convert_using('`Db`') . ' AS `Db`, '
             .   $list_of_privileges
             .' FROM `mysql`.`db`'
-            .' WHERE ' . PMA_convert_using($checkprivs, 'quoted')
+            .' WHERE ' . PMA_convert_using(PMA_sqlAddslashes($checkprivs), 'quoted')
             .' LIKE ' . PMA_convert_using('`Db`')
             .' AND NOT (' . $list_of_compared_privileges. ')) '
             .'UNION '