A user could not edit his own global privileges.

This commit is contained in:
Alexander M. Turek
2003-07-27 19:25:16 +00:00
parent a15217ee43
commit 8313d04f08
2 changed files with 12 additions and 5 deletions

View File

@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
$Id$
$Source$
2003-07-27 Alexander M. Turek <rabus@users.sourceforge.net>
* server_privileges.php3: A user could not edit his own global privileges.
2003-07-25 Garvin Hicking <me@supergarv.de>
* Documentation.html: Updated my E-Mail, added latest credits-items
* images/*, config.inc.php3, db_details_structure.php3,
@@ -12,7 +15,7 @@ $Source$
libraries/display_tbl.lib.php3, Documentation.html,
left.php3:
Even more new images on more places: DB properties, Table
properties, Table Display (LinkOrButton unified as well),
properties, Table Display (LinkOrButton unified as well),
Left frame.
Multi-column mode also works for MySQL < 3.23.03 (does anybody even
care?)
@@ -20,7 +23,7 @@ $Source$
2003-07-25 Marc Delisle <lem9@users.sourceforge.net>
* header.inc.php3: XHTML compatibility
* libraries/sqlparser.lib.php3, /relation.lib.php3: bug 776789,
unable to insert record with FK in another db
unable to insert record with FK in another db
2003-07-24 Garvin Hicking <me@supergarv.de>
* libraries/sqlparser.lib.php3 - Confirmation is also needed on

View File

@@ -738,7 +738,9 @@ if (!empty($update_privs)) {
if (PMA_MYSQL_INT_VERSION >= 32211) {
$db_and_table = empty($dbname) ? '*.*' : PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
if (!isset($Grant_priv) || $Grant_priv != 'Y') {
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
}
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
$sql_query2 .= 'WITH';
@@ -757,9 +759,11 @@ if (!empty($update_privs)) {
}
$sql_query2 .= ';';
PMA_mysql_query($sql_query0, $userlink); // this query may fail, but this does not matter :o)
PMA_mysql_query($sql_query1, $userlink); // this one may fail, too...
if (isset($sql_query1)) {
PMA_mysql_query($sql_query1, $userlink); // this one may fail, too...
}
PMA_mysql_query($sql_query2, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query2);
$sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
$sql_query = $sql_query0 . ' ' . (isset($sql_query1) ? $sql_query1 . ' ' : '') . $sql_query2;
$message = sprintf($strUpdatePrivMessage, '\'' . $username . '\'@\'' . $hostname . '\'');
} else {
$sql_query = 'SHOW COLUMNS FROM `user`;';