From aa3b38a8cf712a3b663168544aff25a8e6541f22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Chapeaux?= Date: Sat, 8 Dec 2001 21:37:11 +0000 Subject: [PATCH] fixed an other bug with db creation privilege thanks to James Wigdahl --- ChangeLog | 2 ++ main.php3 | 27 ++++++++++++++++++--------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index ddcf3ecb7..c39d63cbe 100755 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ $Source$ * left.php3: nicer codding for Opera exception. * read_dump.php3; libraries/build_dump.lib.php3: send fake headers to bypass browser timeout. + * main.php3: fixed an other bug with db creation privilege thanks to + James Wigdahl . 2001-12-07 Loïc Chapeaux * lang/polish.inc.php3: fixed typos thanks to Tomasz Regdos & Jakub Wilk. diff --git a/main.php3 b/main.php3 index 9c92774f3..a1c05f368 100755 --- a/main.php3 +++ b/main.php3 @@ -57,10 +57,11 @@ if ($server > 0) { // } $local_query = 'SELECT VERSION() as version, USER() as user'; $res = mysql_query($local_query) or PMA_mysqlDie('', $local_query, FALSE, ''); + $mysql_cur_user = mysql_result($res, 0, 'user'); $full_string = str_replace('%pma_s1%', mysql_result($res, 0, 'version'), $strMySQLServerProcess); $full_string = str_replace('%pma_s2%', $server_info, $full_string); - $full_string = str_replace('%pma_s3%', mysql_result($res, 0, 'user'), $full_string); + $full_string = str_replace('%pma_s3%', $mysql_cur_user, $full_string); echo '

' . $full_string . '


' . "\n"; } // end if @@ -157,18 +158,26 @@ $is_superuser = FALSE; if ($server > 0) { // Get user's global privileges ($dbh and $userlink are links to MySQL // defined in the "common.lib.php3" library) + $mysql_cur_user = substr($mysql_cur_user, 0, strpos($mysql_cur_user, '@')); $is_create_priv = FALSE; $is_process_priv = FALSE; $is_reload_priv = FALSE; $is_superuser = @mysql_query('USE mysql', $userlink); if ($dbh) { - $local_query = 'SELECT Create_priv, Process_priv, Reload_priv FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($cfgServer['user']) . '\' OR User = \'\''; + $local_query = 'SELECT Create_priv, Process_priv, Reload_priv FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\''; $rs_usr = mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE); if ($rs_usr) { - $result_usr = mysql_fetch_array($rs_usr); - $is_create_priv = ($result_usr['Create_priv'] == 'Y'); - $is_process_priv = ($result_usr['Process_priv'] == 'Y'); - $is_reload_priv = ($result_usr['Reload_priv'] == 'Y'); + while ($result_usr = mysql_fetch_array($rs_usr)) { + if (!$is_create_priv) { + $is_create_priv = ($result_usr['Create_priv'] == 'Y'); + } + if (!$is_process_priv) { + $is_process_priv = ($result_usr['Process_priv'] == 'Y'); + } + if (!$is_reload_priv) { + $is_reload_priv = ($result_usr['Reload_priv'] == 'Y'); + } + } // end while mysql_free_result($rs_usr); } // end if } // end if @@ -178,11 +187,11 @@ if ($server > 0) { // the one he just dropped :) // (Note: we only get here after a browser reload, I don't know why) if (!$is_create_priv) { - $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Create_priv = \'Y\' AND (User = \'' . PMA_sqlAddslashes($cfgServer['user']) . '\' OR User = \'\')'; + $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Create_priv = \'Y\' AND User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\''; $rs_usr = mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE); - if (@mysql_numrows($rs_usr) > 0) { + if ($rs_usr) { while ($row = mysql_fetch_array($rs_usr)) { - if (!mysql_select_db($row['Db'], $userlink)) { + if (!mysql_select_db($row['Db'], $userlink) && @mysql_errno() != 1044) { $re = '(^|(\\\\\\\\)+|[^\])'; $row['Db'] = ereg_replace($re . '%', '\\1...', ereg_replace($re . '_', '\\1?', $row['Db'])); $db_to_create = $row['Db'];