bug 434608

2001-06-30 00:54:39 +00:00
parent 51a4f28079
commit 7f7e2f6ad3
2 changed files with 19 additions and 1 deletions
--- a/3
+++ b/3
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
 $Id$ 
 $Source$

+2001-06-29  Marc Delisle  <lem9@users.sourceforge.net>
+	* user_details.php3, js code to protect db and table names
+
 2001-06-28  Steve Alberty  <alberty@neptunlabs.de>
 	* fixed bug with dl and PHP 3

--- a/user_details.php3
+++ b/user_details.php3
@@ -218,7 +218,7 @@ function grant_operations()
        } else { db = "*"; table = "*"; column = ""; }

        sql = "GRANT " + privGrantToString(f) + "" + column;
-        sql += " ON " + db + "." + table
+        sql += " ON " + protect_name(db) + "." + protect_name(table)
        sql += " TO '" + "<?php echo $user; ?>" + "'@'" + "<?php echo $host ?>'"
        if (f.Grant_priv.checked) sql += " with grant option";

@@ -231,6 +231,21 @@ function grant_operations()
        location.href = url;
    }

+    function protect_name(db_or_table) {
+	var js_mysql_major_version, js_mysql_minor_version;
+	js_mysql_major_version = <?php echo MYSQL_MAJOR_VERSION ?>;
+	js_mysql_minor_version = <?php echo MYSQL_MINOR_VERSION ?>;
+
+	if (js_mysql_major_version >= "3.23") {
+	   if (js_mysql_minor_version >= "6")  {
+		return "`" + db_or_table + "`";
+	   }
+	}
+	else {
+		return db_or_table;
+	}
+    }
+
    function change(f, param) {
        var l, p;