diff --git a/libraries/check_user_privileges.lib.php b/libraries/check_user_privileges.lib.php index 977d85460..6fb302c39 100644 --- a/libraries/check_user_privileges.lib.php +++ b/libraries/check_user_privileges.lib.php @@ -22,8 +22,8 @@ $dbs_where_create_table_allowed = array(); // can do a 'USE mysql' (even if they cannot see the tables) $is_superuser = PMA_isSuperuser(); -function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is_reload_priv, &$dbs_where_create_table_allowed) { - +function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is_reload_priv, &$dbs_where_create_table_allowed) +{ $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards $re1 = '(^|[^\])(\\\)+'; // escaped wildcards while ($row = PMA_DBI_fetch_row($rs_usr)) { @@ -34,7 +34,7 @@ function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is $is_reload_priv = true; } /** - * @todo if we find CREATE VIEW but not CREATE, do not offer + * @todo if we find CREATE VIEW but not CREATE, do not offer * the create database dialog box */ if (($show_grants_str == 'ALL') || ($show_grants_str == 'ALL PRIVILEGES') || ($show_grants_str == 'CREATE') || strpos($show_grants_str, 'CREATE,') !== false) { @@ -55,11 +55,7 @@ function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is // since 4.1.0, we need to use backquotes if the dbname contains a "-" // in a USE command - if (PMA_MYSQL_INT_VERSION > 40100) { - $dbname_to_test = PMA_backquote($show_grants_dbname); - } else { - $dbname_to_test = $show_grants_dbname; - } + $dbname_to_test = PMA_backquote($show_grants_dbname); if ((ereg($re0 . '%|_', $show_grants_dbname) && !ereg('\\\\%|\\\\_', $show_grants_dbname)) @@ -89,84 +85,12 @@ function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is // using $userlink (no control user needed) // and we don't have to try any other method for detection -if (PMA_MYSQL_INT_VERSION >= 40102) { - $rs_usr = PMA_DBI_try_query('SHOW GRANTS', $userlink, PMA_DBI_QUERY_STORE); - if ($rs_usr) { - PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed); - PMA_DBI_free_result($rs_usr); - unset($rs_usr); - } -} else { - -// Before MySQL 4.1.2, we first try to find a priv in mysql.user. Hopefuly -// the controluser is correctly defined; but here, $controllink could contain -// $userlink so maybe the SELECT will fail - - if (!$is_create_db_priv) { - $res = PMA_DBI_query('SELECT USER();', null, PMA_DBI_QUERY_STORE); - list($mysql_cur_user_and_host) = PMA_DBI_fetch_row($res); - $mysql_cur_user = substr($mysql_cur_user_and_host, 0, strrpos($mysql_cur_user_and_host, '@')); - - $local_query = 'SELECT Create_priv, Reload_priv FROM mysql.user WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ';'; - $rs_usr = PMA_DBI_try_query($local_query, $controllink, PMA_DBI_QUERY_STORE); // Debug: or PMA_mysqlDie('', $local_query, false); - if ($rs_usr) { - while ($result_usr = PMA_DBI_fetch_assoc($rs_usr)) { - if (!$is_create_db_priv) { - $is_create_db_priv = ($result_usr['Create_priv'] == 'Y'); - } - if (!$is_reload_priv) { - $is_reload_priv = ($result_usr['Reload_priv'] == 'Y'); - } - } // end while - PMA_DBI_free_result($rs_usr); - unset($rs_usr, $result_usr); - if ($is_create_db_priv) { - $dbs_where_create_table_allowed[] = '*'; - } - } // end if - } // end if - - // If the user has Create priv on a inexistant db, show him in the dialog - // the first inexistant db name that we find, in most cases it's probably - // the one he just dropped :) - if (!$is_create_db_priv) { - $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND (' . PMA_convert_using('User') . ' = ' .PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ');'; - - $rs_usr = PMA_DBI_try_query($local_query, $controllink, PMA_DBI_QUERY_STORE); - if ($rs_usr) { - $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards - $re1 = '(^|[^\])(\\\)+'; // escaped wildcards - while ($row = PMA_DBI_fetch_assoc($rs_usr)) { - $dbs_where_create_table_allowed[] = $row['Db']; - if (ereg($re0 . '(%|_)', $row['Db']) - || (!PMA_DBI_try_query('USE ' . ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db'])) && substr(PMA_DBI_getError(), 1, 4) != 1044)) { - $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db'])); - $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create); - $is_create_db_priv = true; - break; - } // end if - } // end while - PMA_DBI_free_result($rs_usr); - unset($rs_usr, $row, $re0, $re1); - } else { - // Finally, let's try to get the user's privileges by using SHOW - // GRANTS... - // Maybe we'll find a little CREATE priv there :) - $rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . $mysql_cur_user_and_host . ';', $controllink, PMA_DBI_QUERY_STORE); - if (!$rs_usr) { - // OK, now we'd have to guess the user's hostname, but we - // only try out the 'username'@'%' case. - $rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';', $controllink, PMA_DBI_QUERY_STORE); - } - unset($local_query); - if ($rs_usr) { - PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed); - PMA_DBI_free_result($rs_usr); - unset($rs_usr); - } // end if - } // end elseif - } // end if -} // end else (MySQL < 4.1.2) +$rs_usr = PMA_DBI_try_query('SHOW GRANTS', $userlink, PMA_DBI_QUERY_STORE); +if ($rs_usr) { + PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed); + PMA_DBI_free_result($rs_usr); + unset($rs_usr); +} // If disabled, don't show it if (!$cfg['SuggestDBName']) {