nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed possible SQL injection using database name

Browse Source
This commit is contained in:
Sebastian Mendel
2007-11-09 07:41:47 +00:00
parent c18c6ca27f
commit 01574baa55
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
2.11.2.1 (not yet released)
- fixed possible SQL injection using database name
2.11.2.0 (2007-10-27)
- patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard
+ [lang] Serbian update, thanks to Mihailo Stefanovic

2
server_privileges.php
View File

@@ -2032,7 +2032,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
. PMA_convert_using('`Db`') . ' AS `Db`, '
. $list_of_privileges
.' FROM `mysql`.`db`'
.' WHERE ' . PMA_convert_using($checkprivs, 'quoted')
.' WHERE ' . PMA_convert_using(PMA_sqlAddslashes($checkprivs), 'quoted')
.' LIKE ' . PMA_convert_using('`Db`')
.' AND NOT (' . $list_of_compared_privileges. ')) '
.'UNION '