nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'MAINT_3_3_5' into QA_3_3

Browse Source 
Conflicts:
	ChangeLog
	libraries/common.lib.php
This commit is contained in:
Michal Čihař
2010-08-20 13:36:49 +02:00
parent 893abac3e5 d128f80605
commit 41145feb12
16 changed files with 84 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
server_privileges.php
View File

@@ -1153,7 +1153,7 @@ if (!empty($update_privs)) {
}
$sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
$message = PMA_Message::success('strUpdatePrivMessage');
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
}
@@ -1177,7 +1177,7 @@ if (isset($_REQUEST['revokeall'])) {
}
$sql_query = $sql_query0 . ' ' . $sql_query1;
$message = PMA_Message::success('strRevokeMessage');
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
if (! isset($tablename)) {
unset($dbname);
} else {
@@ -1213,7 +1213,7 @@ if (isset($_REQUEST['change_pw'])) {
PMA_DBI_try_query($local_query)
or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
$message = PMA_Message::success('strPasswordChanged');
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
}
}
@@ -1595,8 +1595,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
if (isset($dbname)) {
echo ' <i><a href="server_privileges.php?'
. $GLOBALS['url_query'] . '&amp;username=' . urlencode($username)
. '&amp;hostname=' . urlencode($hostname) . '&amp;dbname=&amp;tablename=">\''
. $GLOBALS['url_query'] . '&amp;username=' . htmlspecialchars(urlencode($username))
. '&amp;hostname=' . htmlspecialchars(urlencode($hostname)) . '&amp;dbname=&amp;tablename=">\''
. htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname)
. '\'</a></i>' . "\n";
$url_dbname = urlencode(str_replace(array('\_', '\%'), array('_', '%'), $dbname));
@@ -1604,8 +1604,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
echo ' - ' . ($dbname_is_wildcard ? $GLOBALS['strDatabases'] : $GLOBALS['strDatabase'] );
if (isset($tablename)) {
echo ' <i><a href="server_privileges.php?' . $GLOBALS['url_query']
. '&amp;username=' . urlencode($username) . '&amp;hostname=' . urlencode($hostname)
. '&amp;dbname=' . $url_dbname . '&amp;tablename=">' . htmlspecialchars($dbname) . '</a></i>';
. '&amp;username=' . htmlspecialchars(urlencode($username)) . '&amp;hostname=' . htmlspecialchars(urlencode($hostname))
. '&amp;dbname=' . htmlspecialchars($url_dbname) . '&amp;tablename=">' . htmlspecialchars($dbname) . '</a></i>';
echo ' - ' . $GLOBALS['strTable'] . ' <i>' . htmlspecialchars($tablename) . '</i>';
} else {
echo ' <i>' . htmlspecialchars($dbname) . '</i>';
@@ -1839,16 +1839,16 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
}
echo '</td>' . "\n"
. ' <td>';
printf($link_edit, urlencode($username),
urlencode($hostname),
urlencode((! isset($dbname)) ? $row['Db'] : $dbname),
printf($link_edit, htmlspecialchars(urlencode($username)),
urlencode(htmlspecialchars($hostname)),
urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)),
urlencode((! isset($dbname)) ? '' : $row['Table_name']));
echo '</td>' . "\n"
. ' <td>';
if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
printf($link_revoke, urlencode($username),
urlencode($hostname),
urlencode((! isset($dbname)) ? $row['Db'] : $dbname),
printf($link_revoke, htmlspecialchars(urlencode($username)),
urlencode(htmlspecialchars($hostname)),
urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)),
urlencode((! isset($dbname)) ? '' : $row['Table_name']));
}
echo '</td>' . "\n"
@@ -1928,7 +1928,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
if (isset($tablename)) {
echo ' [ ' . $GLOBALS['strTable'] . ' <a href="'
. $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query']
. '&amp;db=' . $url_dbname . '&amp;table=' . urlencode($tablename)
. '&amp;db=' . $url_dbname . '&amp;table=' . htmlspecialchars(urlencode($tablename))
. '&amp;reload=1">' . htmlspecialchars($tablename) . ': '
. PMA_getTitleForTarget($GLOBALS['cfg']['DefaultTabTable'])
. "</a> ]\n";
@@ -2155,7 +2155,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
// Offer to create a new user for the current database
echo '<fieldset id="fieldset_add_user">' . "\n"
. ' <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;adduser=1&amp;dbname=' . $checkprivs .'">' . "\n"
. ' <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;adduser=1&amp;dbname=' . htmlspecialchars($checkprivs) .'">' . "\n"
. PMA_getIcon('b_usradd.png')
. ' ' . $GLOBALS['strAddUser'] . '</a>' . "\n"
. '</fieldset>' . "\n";