From 95daed4ec983588b7a3d733dc9ec22d3a90cada6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Chapeaux?= <lolo@phpheaven.net>
Date: Wed, 1 May 2002 09:00:16 +0000
Subject: [PATCH] Ensure the "db_stats.php3" script can only be ran by a
 super-user

---
 ChangeLog     |  2 ++
 db_stats.php3 | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 8b32ca2aa..3a6c1af48 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@ $Source$
 2002-05-01 Loïc Chapeaux  <lolo@phpheaven.net>
     * tbl_properties.php3; tbl_properties_table_info.php3: comments.
     * tbl_properties_options.php3: added labels and beautified display.
+    * db_stats.php3, lines 12-22: ensure this script can only be ran by a
+      super-user.
 
 2002-04-30 Loïc Chapeaux  <lolo@phpheaven.net>
     * lang/italian.inc.php3: updated thanks to Pietro Danesi.
diff --git a/db_stats.php3 b/db_stats.php3
index cc5fc0bef..1022d91d3 100644
--- a/db_stats.php3
+++ b/db_stats.php3
@@ -9,6 +9,17 @@ require('./libraries/grab_globals.lib.php3');
 require('./header.inc.php3');
 
 
+/**
+ * Ensures the current user is super-user
+ */
+if (!@mysql_query('USE mysql', $userlink)) {
+    echo '<p><b>' . $strError . '</b></p>' . "\n";
+    echo '<p>&nbsp;&nbsp;&nbsp;&nbsp;' .  $strNoRights . '</p>' . "\n";
+    include('./footer.inc.php3');
+    exit();
+} // end if
+
+
 /**
  * Drop databases if required
  */