nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1113788, escaping character removed by error

Browse Source
This commit is contained in:
Marc Delisle
2005-02-18 02:58:12 +00:00
parent ce7a73ca18
commit abd90b29d8
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -8,6 +8,7 @@ $Source$
2005-02-17 Marc Delisle <lem9@users.sourceforge.net> 2005-02-17 Marc Delisle <lem9@users.sourceforge.net>
* header.inc.php, queryframe.php: HTML improvement, * header.inc.php, queryframe.php: HTML improvement,
thanks to Armel Fauveau thanks to Armel Fauveau
* server_privileges.php: bug #1113788, escaping character removed by error
2005-02-16 Alexander M. Turek <me@derrabus.de> 2005-02-16 Alexander M. Turek <me@derrabus.de>
* db_details_export.php: Views are not exportable yet. * db_details_export.php: Views are not exportable yet.

21
server_privileges.php
View File

@@ -729,18 +729,33 @@ if (!empty($update_privs)) {
// escaping a wildcard character in a GRANT is only accepted at the global // escaping a wildcard character in a GRANT is only accepted at the global
// or database level, not at table level; this is why I remove // or database level, not at table level; this is why I remove
// the escaping character // the escaping character
// Note: in the Database-specific privileges, we will have for example // Note: in the phpMyAdmin list of Database-specific privileges,
// we will have for example
// test\_db SELECT (this one is for privileges on a db level) // test\_db SELECT (this one is for privileges on a db level)
// test_db USAGE (this one is for table-specific privileges) // test_db USAGE (this one is for table-specific privileges)
// //
// It looks curious but reflects IMO the way MySQL works // It looks curious but reflects the way MySQL works
if (empty($dbname)) {
$db_and_table = '*.*';
} else {
if (!empty($tablename)) {
$db_and_table = str_replace('\\','',PMA_backquote($dbname))
. '.' . PMA_backquote($tablename);
} else {
// do not remove the escaping character when working at db level
$db_and_table = PMA_backquote($dbname)
. '.*';
}
}
$db_and_table = empty($dbname) ? '*.*' : str_replace('\\','',PMA_backquote($dbname)) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
if (!isset($Grant_priv) || $Grant_priv != 'Y') { if (!isset($Grant_priv) || $Grant_priv != 'Y') {
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
} }
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) { if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
$sql_query2 .= 'WITH'; $sql_query2 .= 'WITH';
if (isset($Grant_priv) && $Grant_priv == 'Y') { if (isset($Grant_priv) && $Grant_priv == 'Y') {