From 70acc9454f887fd9fe24d75419775051e2e2eae1 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Tue, 25 Mar 2003 11:29:20 +0000
Subject: [PATCH] MySQL4 global privs and USE mysql

---
 ChangeLog | 4 ++++
 main.php3 | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 617ad1e08..391838bfe 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 
+2003-03-25 Marc Delisle  <lem9@users.sourceforge.net>
+    * main.php3: replace the 'USE mysql' test, as users with a global
+      priv like CREATE TEMPORARY TABLES can do a 'USE mysql'
+
 2003-03-25 Michal Cihar  <nijel@users.sourceforge.net>
     * tbl_query_box.php3, tbl_properties_operations.php3,
       libraries/common.lib.php3, tbl_query_box.php3, querywindow.php3: More
diff --git a/main.php3 b/main.php3
index 568252a8a..e03df64fb 100755
--- a/main.php3
+++ b/main.php3
@@ -181,7 +181,11 @@ if ($server > 0) {
     $is_create_priv  = FALSE;
     $is_process_priv = TRUE;
     $is_reload_priv  = FALSE;
-    $is_superuser    = @PMA_mysql_query('USE mysql', $userlink);
+
+// We were checking privileges with 'USE mysql' but users with the global
+// priv CREATE TEMPORARY TABLES or LOCK TABLES can do a 'USE mysql' 
+// (even if they cannot see the tables)
+    $is_superuser    = @PMA_mysql_query('SELECT COUNT(*) FROM mysql.user', $userlink);
     if ($dbh) {
         $local_query = 'SELECT Create_priv, Process_priv, Reload_priv FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\'';
         $rs_usr      = PMA_mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE);