"SELECT" privilege on the "Password" field is no long required for the standard user

This commit is contained in:
Loïc Chapeaux
2001-10-27 12:09:54 +00:00
parent 60c83319fe
commit 2a56aad036
3 changed files with 26 additions and 16 deletions


@@ -9,6 +9,12 @@ $Source$
2001-10-27 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2001-10-27 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* read_dump.php3, lines 286-288; lang/*: "there is no query" were displayed * read_dump.php3, lines 286-288; lang/*: "there is no query" were displayed
when deleting a bookmark. when deleting a bookmark.
* Documentation.php3; main.php3; libraries/common.lib.php3: feature request
#??? (will update this whn SF is up) - Improved security by no long
requiring the "SELECT" privilege on the "Password" field for the standard
user.
* Documentation.html: added faq entries about a Xitami 2.5b4 bug and a
widespread IIS misconfiguration problem.
2001-10-27 Olivier M<>ller <om@omnis.ch> 2001-10-27 Olivier M<>ller <om@omnis.ch>
* config.inc.php3: put the ENCRYPT function back to the config file. * config.inc.php3: put the ENCRYPT function back to the config file.


@@ -104,36 +104,42 @@ if (!defined('__LIB_COMMON__')){
// For compatibility with old config.inc.php3 // For compatibility with old config.inc.php3
if (!isset($cfgShowStats)) { if (!isset($cfgShowStats)) {
$cfgShowStats = TRUE; $cfgShowStats = TRUE;
} }
if (!isset($cfgShowTooltip)) { if (!isset($cfgShowTooltip)) {
$cfgShowTooltip = TRUE; $cfgShowTooltip = TRUE;
} }
if (!isset($cfgShowAll)) { if (!isset($cfgShowAll)) {
$cfgShowAll = FALSE; $cfgShowAll = FALSE;
}
if (!isset($cfgNavigationBarIconic)) {
$cfgNavigationBarIconic = TRUE;
} }
if (!isset($cfgProtectBinary)) { if (!isset($cfgProtectBinary)) {
if (isset($cfgProtectBlob)) { if (isset($cfgProtectBlob)) {
$cfgProtectBinary = ($cfgProtectBlob ? 'blob' : FALSE); $cfgProtectBinary = ($cfgProtectBlob ? 'blob' : FALSE);
unset($cfgProtectBlob); unset($cfgProtectBlob);
} else { } else {
$cfgProtectBinary = 'blob'; $cfgProtectBinary = 'blob';
} }
} }
if (!isset($cfgZipDump)) { if (!isset($cfgZipDump)) {
$cfgZipDump = (isset($cfgGZipDump) ? $cfgGZipDump : TRUE); $cfgZipDump = (isset($cfgGZipDump) ? $cfgGZipDump : TRUE);
} }
if (!isset($cfgLeftBgColor)) { if (!isset($cfgLeftBgColor)) {
$cfgLeftBgColor = '#D0DCE0'; $cfgLeftBgColor = '#D0DCE0';
} }
if (!isset($cfgRightBgColor)) { if (!isset($cfgRightBgColor)) {
$cfgRightBgColor = '#F5F5F5'; $cfgRightBgColor = '#F5F5F5';
}
if (!isset($cfgPointerColor)) {
$cfgPointerColor = '#CCFFCC';
} }
if (!isset($cfgTextareaCols)) { if (!isset($cfgTextareaCols)) {
$cfgTextareaCols = 40; $cfgTextareaCols = 40;
} }
if (!isset($cfgTextareaRows)) { if (!isset($cfgTextareaRows)) {
$cfgTextareaRows = 7; $cfgTextareaRows = 7;
} }
// Adds a trailing slash et the end of the phpMyAdmin uri if it does not // Adds a trailing slash et the end of the phpMyAdmin uri if it does not
@@ -527,7 +533,7 @@ if (!defined('__LIB_COMMON__')){
if (ereg($re, $dblist[$i])) { if (ereg($re, $dblist[$i])) {
$local_query = 'SHOW DATABASES LIKE \'' . $dblist[$i] . '\''; $local_query = 'SHOW DATABASES LIKE \'' . $dblist[$i] . '\'';
$rs = mysql_query($local_query, $dbh); $rs = mysql_query($local_query, $dbh);
// "SHOW DATABASES" statements are disabled // "SHOW DATABASES" statement is disabled
if ($i == 0 if ($i == 0
&& (mysql_error() && mysql_errno() == 1045)) { && (mysql_error() && mysql_errno() == 1045)) {
$true_dblist = $dblist; $true_dblist = $dblist;
@@ -555,11 +561,9 @@ if (!defined('__LIB_COMMON__')){
// 'only_db' is empty for the current user -> checks for available // 'only_db' is empty for the current user -> checks for available
// databases in the "mysql" db // databases in the "mysql" db
else { else {
$auth_query = 'SELECT User, Password, Select_priv ' $auth_query = 'SELECT User, Select_priv '
. 'FROM mysql.user ' . 'FROM mysql.user '
. 'WHERE ' . 'WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\'';
. 'User = \'' . sql_addslashes($cfgServer['user']) . '\' '
. 'AND Password = PASSWORD(\'' . sql_addslashes($cfgServer['password']) . '\')';
$rs = mysql_query($auth_query, $dbh); // Debug: or mysql_die('', $auth_query, FALSE); $rs = mysql_query($auth_query, $dbh); // Debug: or mysql_die('', $auth_query, FALSE);
} // end if } // end if
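Review bot: The rewritten WHERE clause of $auth_query filters on User alone, so when mysql.user holds several rows for that user name (one per Host) the statement returns more than one row, and unlike the main.php3 query in this commit it does not include the anonymous-user row (`OR User = ''`); whether the two queries are meant to differ is not clear from the hunk. How $rs is consumed is outside the hunk, so if only the first row is read, Select_priv may be taken from a Host entry other than the one the current connection matched. A comment on the query stating which row is expected, e.g. `// all mysql.user rows for this user name are returned (no Host filter)`, would make the assumption explicit. The enclosing block continues past the hunk.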


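--- a/main.php3
+++ b/main.php3
@@ -161,7 +161,7 @@ if ($server > 0)
 $is_reload_priv = FALSE;
 $is_superuser = @mysql_query('USE mysql', $userlink);
 if ($dbh) {
-$local_query = 'SELECT * FROM mysql.user WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\'';
+$local_query = 'SELECT Create_priv, Process_priv, Reload_priv FROM mysql.user WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\' OR User = \'\'';
 $rs_usr = mysql_query($local_query, $dbh); // Debug: or mysql_die('', $local_query, FALSE);
 if ($rs_usr) {
 $result_usr = mysql_fetch_array($rs_usr);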
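Review bot: The new $local_query can match both the named user's rows and the anonymous-user row (`OR User = ''`), with no Host filter and no ORDER BY, yet the following line reads a single row with mysql_fetch_array($rs_usr), so which row's Create_priv, Process_priv and Reload_priv are reported depends on the server's row order. If the intent is that a privilege counts whenever any matching row grants it, the consuming code should loop over all rows and combine them; if it is the row used for this connection, the filter should also restrict Host. Replacing `SELECT *` with an explicit column list is what removes the need to read the Password column, which matches the commit message. The code that reads $result_usr continues outside the hunk.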