nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed some bugs with the "other privileges" feature

Browse Source
This commit is contained in:
Loïc Chapeaux
2001-09-17 17:52:26 +00:00
parent 8bb824eeac
commit 2308142660
2 changed files with 21 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2001-09-17 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* users_detail.php3: fixed some bugs with the "other privileges" feature.
* lang/italian.inc.php3: updated thanks to Pietro Danesi.
2001-09-16 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2001-09-16 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* headers.inc.php3; users_detail.php3; libraries/user_details.js; lang/*: * headers.inc.php3; users_detail.php3; libraries/user_details.js; lang/*:
rewrtitten the users script so it validates xhtml1.0, and fix a security rewrtitten the users script so it validates xhtml1.0, and fix a security

36
user_details.php3
View File

@@ -1072,18 +1072,9 @@ else if (isset($grants) && $grants) {
if (isset($upd_grants)) { if (isset($upd_grants)) {
$sql_query = ''; $sql_query = '';
$list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload', $col_list = '';
'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
for ($i = 0; $i < 14; $i++) {
$priv_name = $list_priv[$i] . '_priv';
if (isset($$priv_name)) {
$sql_query .= (empty($sql_query) ? $list_priv[$i] : ', ' . $list_priv[$i]);
}
} // end for
unset($list_priv);
if (isset($colgrant) && !$anycolumn) { if (isset($colgrant) && !$anycolumn) {
$col_list = '';
$colgrant_cnt = count($colgrant); $colgrant_cnt = count($colgrant);
for ($i = 0; $i < $colgrant_cnt; $i++) { for ($i = 0; $i < $colgrant_cnt; $i++) {
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
@@ -1092,18 +1083,25 @@ else if (isset($grants) && $grants) {
$col_list .= (empty($col_list) ? backquote($colgrant[$i]) : ', ' . backquote($colgrant[$i])); $col_list .= (empty($col_list) ? backquote($colgrant[$i]) : ', ' . backquote($colgrant[$i]));
} // end for } // end for
unset($colgrant); unset($colgrant);
$col_list = '(' . $col_list . ')'; $col_list = ' (' . $col_list . ')';
$sql_query .= (empty($sql_query) ? $col_list : ' ' . $col_list);
} // end if } // end if
$target = (($anydb || empty($dbgrant)) ? '*' : backquote($dbgrant)) . '.' $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
. (($anytable || empty($tablegrant)) ? '*' : backquote($tablegrant)); 'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
$sql_query .= (empty($sql_query) ? 'ON ' . $target : ' ON ' . $target); for ($i = 0; $i < 14; $i++) {
$priv_name = $list_priv[$i] . '_priv';
if (isset($$priv_name)) {
$sql_query .= (empty($sql_query) ? $list_priv[$i] : ', ' . $list_priv[$i]) . $col_list;
}
} // end for
unset($list_priv);
$target = (($pma_user == '%') ? $pma_user : '\'' . sql_addslashes($pma_user) . '\'') $sql_query .= ' ON '
. '@' . (($anydb || empty($dbgrant)) ? '*' : backquote($dbgrant))
. (($host == '%') ? $host : '\'' . sql_addslashes($host) . '\''); . '.'
$sql_query .= (empty($sql_query) ? 'TO ' . $target : ' TO ' . $target); . (($anytable || empty($tablegrant)) ? '*' : backquote($tablegrant));
$sql_query .= ' TO ' . '\'' . sql_addslashes($pma_user) . '\'' . '@' . '\'' . sql_addslashes($host) . '\'';
$sql_query = 'GRANT ' . $sql_query; $sql_query = 'GRANT ' . $sql_query;
$result = @mysql_query($sql_query) or mysql_die('', '', FALSE); $result = @mysql_query($sql_query) or mysql_die('', '', FALSE);