Add missing PMA_sqlAddslashes to $initial parameter

Security risk is low since a valid token is required to use this.
Herman van Rink
2011-04-26 16:28:50 +02:00
parent 2928a557a7
commit 7ebe311433


@@ -117,8 +117,8 @@ function PMA_RangeOfUsers($initial = '')
// strtolower() is used because the User field
// might be BINARY, so LIKE would be case sensitive
if (!empty($initial)) {
$ret = " WHERE `User` LIKE '" . $initial . "%'"
. " OR `User` LIKE '" . strtolower($initial) . "%'";
$ret = " WHERE `User` LIKE '" . PMA_sqlAddslashes($initial) . "%'"
. " OR `User` LIKE '" . PMA_sqlAddslashes(strtolower($initial)) . "%'";
} else {
$ret = '';
}
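Review bot: The two new `LIKE` operands escape quotes and backslashes, but `%` and `_` inside `$initial` still act as wildcards because `PMA_sqlAddslashes()` is called without its LIKE mode. Passing the helper's second (`$is_like`) argument, as in `PMA_sqlAddslashes($initial, true)` and `PMA_sqlAddslashes(strtolower($initial), true)`, should make the value match literally as a prefix. Separately, `!empty($initial)` treats the initial `'0'` as empty, so that value produces no `WHERE` clause at all; a comparison such as `strlen($initial) > 0` would avoid that if it is not intended. The body of `PMA_RangeOfUsers` starts and ends outside this hunk, so how `$ret` is concatenated into the final query is not visible here.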