From abd90b29d87c7152d36a4d96220fb4333e5d01a9 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Fri, 18 Feb 2005 02:58:12 +0000
Subject: [PATCH] bug #1113788, escaping character removed by error

---
 ChangeLog             |  1 +
 server_privileges.php | 21 ++++++++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 171a642e4..0a6b50259 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@ $Source$
 2005-02-17 Marc Delisle  <lem9@users.sourceforge.net>
     * header.inc.php, queryframe.php: HTML improvement, 
       thanks to Armel Fauveau
+    * server_privileges.php: bug #1113788, escaping character removed by error
 
 2005-02-16 Alexander M. Turek  <me@derrabus.de>
     * db_details_export.php: Views are not exportable yet.
diff --git a/server_privileges.php b/server_privileges.php
index 1268ea6d7..3443e482f 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -729,18 +729,33 @@ if (!empty($update_privs)) {
     // escaping a wildcard character in a GRANT is only accepted at the global
     // or database level, not at table level; this is why I remove
     // the escaping character
-    // Note: in the Database-specific privileges, we will have for example
+    // Note: in the phpMyAdmin list of Database-specific privileges,
+    //  we will have for example
     //  test\_db  SELECT (this one is for privileges on a db level)
     //  test_db   USAGE  (this one is for table-specific privileges)
     //
-    // It looks curious but reflects IMO the way MySQL works
+    // It looks curious but reflects the way MySQL works
+
+    if (empty($dbname)) {
+        $db_and_table = '*.*';
+    } else {
+        if (!empty($tablename)) {
+            $db_and_table = str_replace('\\','',PMA_backquote($dbname))
+                          . '.' . PMA_backquote($tablename);
+        } else {
+            // do not remove the escaping character when working at db level 
+            $db_and_table = PMA_backquote($dbname)
+                          . '.*'; 
+        }
+    }
+
 
-    $db_and_table = empty($dbname) ? '*.*' : str_replace('\\','',PMA_backquote($dbname)) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
     $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
     if (!isset($Grant_priv) || $Grant_priv != 'Y') {
         $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
     }
     $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
+
     if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
         $sql_query2 .= 'WITH';
         if (isset($Grant_priv) && $Grant_priv == 'Y') {