diff --git a/ChangeLog b/ChangeLog
index e930cd45c..231abe535 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
+2003-07-09 Michal Cihar
+ * libraries/auth/cookie.auth.lib.php3: Fixed broken login with backslash
+ in password/username (bug #747020).
+ * server_privileges.php3: Fixed escaping when backslash in
+ password/username.
+
 2003-07-09 Garvin Hicking
 * Documentation.html, config.inc.php3, libraries/common.lib.php3, libraries/config_import.lib.php3, header.inc.php3: Created auto-detection
diff --git a/libraries/auth/cookie.auth.lib.php3 b/libraries/auth/cookie.auth.lib.php3
index 6b11f143c..15428e582 100644
--- a/libraries/auth/cookie.auth.lib.php3
+++ b/libraries/auth/cookie.auth.lib.php3
@@ -445,12 +445,15 @@ if (uname.value == '') {
 // Returns whether we get authentication settings or not
 if (!$from_cookie && !$from_form) {
 return FALSE;
- } else {
+ } elseif ($from_cookie) {
 if (get_magic_quotes_gpc()) {
 $PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
- $PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
+ // no need to strip password as it is encrypted during transfer
 }
 return TRUE;
+ } else {
+ // we don't need to strip here, it is done in grab_globals
+ return TRUE;
 }
 } // end of the 'PMA_auth_check()' function
diff --git a/server_privileges.php3 b/server_privileges.php3
index 89eae3cf7..8476724f9 100644
--- a/server_privileges.php3
+++ b/server_privileges.php3
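Review bot: The cookie branch now leaves `$PHP_AUTH_PW` alone under magic_quotes_gpc on the strength of a comment, but nothing in this hunk shows how the password cookie is encoded; magic quotes only prepend backslashes to `'`, `"`, `\` and NUL, so dropping the stripslashes() is correct only if the cookie writer (outside this hunk) never emits those bytes, which is true for base64/hex output and false for raw ciphertext. I would pin that assumption in the comment so the next change to the cookie format re-checks it: `// cookie value is <encoding> ciphertext that never contains quotes/backslashes, so magic quotes cannot alter it -- keep in sync with the cookie writer`, filling in the actual encoding. The form-branch comment "it is done in grab_globals" would likewise benefit from naming the exact place, since a reader of this file cannot verify it. PMA_auth_check() starts outside this hunk.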
@@ -155,11 +155,11 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
 $username = $GLOBALS['username'];
 $hostname = $GLOBALS['hostname'];
 if ($db == '*') {
- $sql_query = 'SELECT * FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";';
+ $sql_query = 'SELECT * FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";';
 } else if ($table == '*') {
- $sql_query = 'SELECT * FROM `db` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";';
+ $sql_query = 'SELECT * FROM `db` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";';
 } else {
- $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
+ $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
 }
 $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
 if ($res) {
@@ -220,7 +220,7 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
 }
 }
 if (!empty($columns)) {
- $sql_query = 'SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
+ $sql_query = 'SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
 $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
 while ($row1 = PMA_mysql_fetch_row($res)) {
 $row1[1] = explode(',', $row1[1]);
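Review bot: `$hostname`, `$db` and `$table` are still concatenated raw into the same double-quoted SQL literals that now escape `$username`, in all three branches of the @@ -155 hunk and again in @@ -220; a backslash or `"` in a host pattern or a database/table name produces exactly the breakage this commit fixes for usernames, and as far as these lines show the values come straight from `$GLOBALS`, i.e. presumably request data. The same helper should wrap every one of them, e.g. `'" AND `Host` = "' . PMA_sqlAddslashes($hostname) . '" AND `Db` = "' . PMA_sqlAddslashes($db) . '" AND `Table_name` = "' . PMA_sqlAddslashes($table) . '";'`. PMA_displayPrivTable() starts and ends outside these hunks.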
@@ -555,7 +555,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
 * Changes / copies a user, part I
 */
 if (!empty($change_copy)) {
- $local_query = 'SELECT * FROM `mysql`.`user` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";';
+ $local_query = 'SELECT * FROM `mysql`.`user` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
 $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
 if (!$res) {
 $message = $strNoUsersFound;
@@ -597,7 +597,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
 unset($row);
 break;
 }
- $local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";';
+ $local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";';
 $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
 unset($local_query);
 if (mysql_affected_rows($userlink) == 1) {
@@ -605,7 +605,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
 $adduser = 1;
 } else {
 if (PMA_MYSQL_INT_VERSION >= 32211) {
- $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . $username . '"@"' . $hostname . '"';
+ $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
 if ($pred_password != 'none' && $pred_password != 'keep') {
 $pma_pw_hidden = '';
 for ($i = 0; $i < strlen($pma_pw); $i++) {
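Review bot: `$old_hostname` (@@ -555) and `$hostname` (@@ -597 and the GRANT in @@ -605) are still interpolated unescaped right next to the usernames that now go through `PMA_sqlAddslashes()`; a MySQL account name is user@host, so the fix covers only half of the name and a backslash or `"` in the host part breaks these statements the same way. Wrapping them consistently is a one-token change per literal, `'"@"' . PMA_sqlAddslashes($hostname) . '"'` and `'" AND `Host` = "' . PMA_sqlAddslashes($old_hostname) . '";'`. The GRANT built in @@ -605 is continued after the hunk (the password clause), so that tail cannot be checked from here; the enclosing blocks of all three hunks also start and end outside the visible lines.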
@@ -650,7 +650,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
 unset($real_sql_query);
 } else {
 $privileges = PMA_extractPrivInfo();
- $real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . $username . '"';
+ $real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . PMA_sqlAddslashes($username) . '"';
 if ($pred_password != 'none') {
 $pma_pw_hidden = '';
 for ($i = 0; $i < strlen($pma_pw); $i++) {
@@ -679,16 +679,16 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
 * Changes / copies a user, part III
 */
 if (!empty($change_copy)) {
- $local_query = 'SELECT * FROM `mysql`.`db` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";';
+ $local_query = 'SELECT * FROM `mysql`.`db` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
 $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
 while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) {
- $queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . $username . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';';
+ $queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';';
 }
 mysql_free_result($res);
- $local_query = 'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";';
+ $local_query = 'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
 $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
 while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) {
- $local_query = 'SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '" AND `Db` = "' . $row['Db'] . '";';
+ $local_query = 'SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '" AND `Db` = "' . $row['Db'] . '";';
 $res2 = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
 $tmp_privs1 = PMA_extractPrivInfo($row);
 $tmp_privs2 = array(
@@ -726,7 +726,7 @@ if (!empty($change_copy)) {
 $tmp_privs1[] = 'REFERENCES (`' . join(', ', $tmp_privs2['References']) . '`)';
 }
 unset($tmp_privs2);
- $queries[] = 'GRANT ' . join(', ', $tmp_privs1) . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] . '` TO "' . $username . '"@"' . $hostname . '"' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION' : '') . ';';
+ $queries[] = 'GRANT ' . join(', ', $tmp_privs1) . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] . '` TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION' : '') . ';';
 }
 }
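Review bot: `$row['Db']` and `$row['Table_name']` are wrapped in hand-written backticks in both rebuilt GRANT statements (@@ -679 and @@ -726) even though the same commit uses `PMA_backquote()` for exactly this in the @@ -737 hunk; a name containing a backtick, read back from `mysql.db`/`mysql.tables_priv`, would break or redirect the grant being copied to the new user, and the `$row['Db']` in the `columns_priv` WHERE clause is concatenated with no escaping at all. I would write `' ON ' . PMA_backquote($row['Db']) . '.* TO "'` and `' ON ' . PMA_backquote($row['Db']) . '.' . PMA_backquote($row['Table_name']) . ' TO "'`, and `PMA_sqlAddslashes($row['Db'])` inside the WHERE literal; `$old_hostname`/`$hostname` are still raw here as well. Unrelated to this change but on a context line of @@ -726, `join(', ', $tmp_privs2['References'])` placed between a single pair of backticks yields `REFERENCES (`a, b`)`, which looks wrong unless the entries are already backquoted — worth a look while in this code. Both while-loops continue past the visible lines.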
@@ -737,9 +737,9 @@ if (!empty($change_copy)) {
 if (!empty($update_privs)) {
 if (PMA_MYSQL_INT_VERSION >= 32211) {
 $db_and_table = empty($dbname) ? '*.*' : PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
- $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";';
- $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";';
- $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . $username . '"@"' . $hostname . '"';
+ $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
+ $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
+ $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
 if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
 $sql_query2 .= 'WITH';
 if (isset($Grant_priv) && $Grant_priv == 'Y') {
@@ -818,8 +818,8 @@ if (!empty($change_pw)) {
 for ($i = 0; $i < strlen($pma_pw); $i++) {
 $hidden_pw .= '*';
 }
- $local_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $pma_pw . '")';
- $sql_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")';
+ $local_query = 'SET PASSWORD FOR "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '" = PASSWORD("' . PMA_sqlAddslashes($pma_pw) . '")';
+ $sql_query = 'SET PASSWORD FOR "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")';
 PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink));
 $message = sprintf($strPasswordChanged, '\'' . $username . '\'@\'' . $hostname . '\'');
 }
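Review bot: `PMA_mysqlDie(PMA_mysql_error($userlink))` on the line after the new `$local_query` is the one call site in this commit that does not pass the query to the error handler, and that is the right thing here because `$local_query` carries the cleartext password while `$sql_query` is the masked copy; nothing says so, and the next person making the call sites consistent will leak the password into the error page. Add `// deliberately not passing $local_query to PMA_mysqlDie: it contains the cleartext password, $sql_query is the masked copy for display` above the call. `$hostname` is still unescaped in both statements, and `$username`/`$hostname` are also put into `$message` raw, which is only safe if the message is HTML-escaped on output (not visible in this hunk).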
@@ -842,14 +842,14 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) {
 if ($mode == 2) {
 // The SHOW GRANTS query may fail if the user has not been loaded
 // into memory
- $res = PMA_mysql_query('SHOW GRANTS FOR "' . $this_user . '"@"' . $this_host . '";', $userlink);
+ $res = PMA_mysql_query('SHOW GRANTS FOR "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";', $userlink);
 if ($res) {
- $queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . $this_user . '"@"' . $this_host . '";';
+ $queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
 while ($row = PMA_mysql_fetch_row($res)) {
 $this_table = substr($row[0], (strpos($row[0], 'ON') + 3), (strpos($row[0], ' TO ') - strpos($row[0], 'ON') - 3));
 if ($this_table != '*.*') {
- $queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";';
- $queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";';
+ $queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
+ $queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
 }
 unset($this_table);
 }
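Review bot: The `$this_table` extraction on the context line uses `strpos($row[0], 'ON')`, i.e. the first `ON` anywhere in the SHOW GRANTS line, and privilege names that contain that substring — `REPLICATION SLAVE` / `REPLICATION CLIENT` on servers that grant them — appear before the real ` ON `, so for such rows the object name is cut out of the privilege list and the two REVOKEs below are issued against garbage. Searching for the delimited keyword avoids it: `$on_pos = strpos($row[0], ' ON ');` then `$this_table = substr($row[0], $on_pos + 4, strpos($row[0], ' TO ') - $on_pos - 4);`. `$this_host` is also still concatenated raw in all five statements while `$this_user` is now escaped. The loop over `$row` and the surrounding `if ($mode == 2)` close outside this hunk.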
@@ -857,13 +857,13 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) {
 }
 unset($res);
 }
- $queries[] = 'DELETE FROM `user` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
+ $queries[] = 'DELETE FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
 if ($mode != 2) {
 // If we REVOKE the table grants, we should not need to modify the
 // `db`, `tables_priv` and `columns_priv` tables manually...
- $queries[] = 'DELETE FROM `db` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
- $queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
- $queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
+ $queries[] = 'DELETE FROM `db` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
+ $queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
+ $queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
 }
 if (!empty($drop_users_db)) {
 $queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';';
@@ -1056,7 +1056,7 @@ if (empty($adduser) && empty($checkprivs)) {
 }
 }
 echo '' . "\n";
- $res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";', $userlink);
+ $res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";', $userlink);
 if (mysql_affected_rows($userlink) <= 0) {
 echo $strUserNotFound;
 include('./footer.inc.php3');
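Review bot: The four DELETEs on the grant tables in @@ -857 now escape `$this_user` but still splice `$this_host` raw into `Host = "..."`, and for a row-deleting statement an unescaped `"` or `\` in the host part does not merely fail — it can change which rows the WHERE clause matches, which on `mysql.user` means deleting accounts other than the one selected. Every one of them should read `'" AND `Host` = "' . PMA_sqlAddslashes($this_host) . '";'` (and the SELECT in @@ -1056 likewise for `$hostname`). Whether `$this_host` arrives from the request or from an earlier query result is not visible in this hunk, so I am flagging the pattern rather than asserting exploitability; the loop these lines sit in starts outside the hunk.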
@@ -1094,9 +1094,9 @@ if (empty($adduser) && empty($checkprivs)) {
 . '  ' . $strAction . ' ' . "\n"
 . ' ' . "\n";
 if (empty($dbname)) {
- $sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" ORDER BY `Db` ASC;';
+ $sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" ORDER BY `Db` ASC;';
 } else {
- $sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;';
+ $sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;';
 }
 $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
 if (mysql_affected_rows($userlink) == 0) {
@@ -1106,7 +1106,7 @@ if (empty($adduser) && empty($checkprivs)) {
 } else {
 $useBgcolorOne = TRUE;
 if (empty($dbname)) {
- $res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;');
+ $res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;');
 $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC);
 }
 $found_rows = array();
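Review bot: The `$res2` query in @@ -1106 is the only `PMA_mysql_query()` call in this commit that passes no `$userlink`, so it runs on whichever MySQL link was opened last while the `PMA_mysqlDie(PMA_mysql_error($userlink), …)` on the same line reports from `$userlink`; if more than one link is open at that point the query hits the wrong connection and the error text would not even match it. I would build the statement once and pass the link, `$local_query = 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . PMA_sqlAddslashes($hostname) . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;';` followed by `$res2 = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);`, which also removes the duplicated SQL string that the two halves of the line can otherwise drift apart on. `$hostname` and `$dbname` remain unescaped in the @@ -1094 hunk as well. The enclosing if/else of both hunks continues outside the visible lines.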