improved a bit Olivier's patch about the "Drop database" restrictions

2001-08-21 18:20:07 +00:00
parent 2b1efbe21d
commit ac5aad586b
4 changed files with 44 additions and 35 deletions
--- a/sql.php3
+++ b/sql.php3
@@ -8,27 +8,23 @@
 require('./grab_globals.inc.php3');
 require('./lib.inc.php3');

-/**
- * Check rights in case of DROP DATABASE
- */

-if (eregi('DROP DATABASE', $sql_query)) {
-    // Check if the user is a Superuser - TODO: set a global variable with this information
-
-    $is_superuser = FALSE;
+/** 
+ * Check rights in case of DROP DATABASE 
+ */ 
+if (!is_defined('PMA_CHK_DROP')
+    && !$cfgAllowUserDropDatabase
+    && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
+    // Checks if the user is a Superuser
+    // TODO: set a global variable with this information
    $result = mysql_query('SELECT * FROM mysql.user');
    $rows   = @mysql_num_rows($result);
-    if (!empty($rows)) { $is_superuser = TRUE; }
-
-    if (!$cfgAllowUserDropDatabase && !$is_superuser) {
+    // empty <> 0 for certain php3 releases
+    if (empty($rows) || $rows == 0) {
        include('./header.inc.php3');
-	echo '<b>' . $strAccessDenied . '</b>' . "\n";
-        require('./footer.inc.php3');
-        exit();
-    }
-}
-
-
+        mysql_die($strNoDropDatabases);
+    } // end if
+} // end if


 /**