improved a bit Olivier's patch about the "Drop database" restrictions

This commit is contained in:
Loïc Chapeaux
2001-08-21 18:20:07 +00:00
parent 2b1efbe21d
commit ac5aad586b
4 changed files with 44 additions and 35 deletions


@@ -9,10 +9,10 @@ $Source$
* db_stats.php3: added list of 20 biggest db's. * db_stats.php3: added list of 20 biggest db's.
* lib.inc.php3: fixed the socket patch, should work now. * lib.inc.php3: fixed the socket patch, should work now.
* lib.inc.php3: re-fixed :) * lib.inc.php3: re-fixed :)
* config.inc.php3, config.php3, Docs, sql.php3: added configuration variable * config.inc.php3, config.php3, Docs, sql.php3: added configuration
$cfgAllowUserDropDatabase (set by default to FALSE), which will display variable $cfgAllowUserDropDatabase (set by default to FALSE), which will
or not the link "Drop database" and reject the command if the user is display or not the link "Drop database" and reject the command if the
not allowed to run it (requested by <lance@uklinux.net>). user is not allowed to run it (requested by <lance@uklinux.net>).
2001-08-21 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2001-08-21 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* db_stats.php3: ensured the script is XHTML1.0 compliant and fits the * db_stats.php3: ensured the script is XHTML1.0 compliant and fits the
@@ -36,6 +36,8 @@ $Source$
tbl_properties.inc.php3; tbl_properties.php3; user_details.php3: tbl_properties.inc.php3; tbl_properties.php3; user_details.php3:
replaced MYSQL_MAJOR_VERSION and MYSQL_MINOR_VERSION constants by replaced MYSQL_MAJOR_VERSION and MYSQL_MINOR_VERSION constants by
MYSQL_INT_VERSION. MYSQL_INT_VERSION.
* db_details.php3; sql.php3; db_readdump.php3; lang/*: improved a bit
Olivier's patch about the "Drop database" restrictions.
2001-08-20 Olivier M<>ller <om@omnis.ch> 2001-08-20 Olivier M<>ller <om@omnis.ch>
* db_stats.php3: new file and feature (sorry :) : simply display an * db_stats.php3: new file and feature (sorry :) : simply display an


@@ -544,31 +544,27 @@ echo ' ' . '&nbsp;<input type="submit" value="' . $strGo . '" />' . "\n";
</li> </li>
<?php <?php
// Check if the user is a Superuser
// Check if the user is a Superuser - TODO: set a global variable with this information // TODO: set a global variable with this information
$result = mysql_query('SELECT * FROM mysql.user');
$is_superuser = FALSE; $rows = @mysql_num_rows($result);
$result = mysql_query('SELECT * FROM mysql.user'); // loic1: empry <> 0 with ceratin php3 releases
$rows = @mysql_num_rows($result); $is_superuser = (!empty($rows) || $rows != 0);
if (!empty($rows)) { $is_superuser = TRUE; }
// Display the DROP DATABASE link only if allowed to do so // Display the DROP DATABASE link only if allowed to do so
if ($cfgAllowUserDropDatabase || $is_superuser) { if ($cfgAllowUserDropDatabase || $is_superuser) {
?> ?>
<!-- Drop database --> <!-- Drop database -->
<li> <li>
<a href="sql.php3?server=<?php echo $server; ?>&lang=<?php echo $lang; ?>&db=<?php echo $db; ?>&sql_query=<?php echo urlencode('DROP DATABASE ' . backquote($db)); ?>&zero_rows=<?php echo urlencode($strDatabase . ' ' . htmlspecialchars(backquote($db)) . ' ' . $strHasBeenDropped); ?>&goto=main.php3&back=db_details.php3&reload=true"> <a href="sql.php3?server=<?php echo $server; ?>&lang=<?php echo $lang; ?>&db=<?php echo $db; ?>&sql_query=<?php echo urlencode('DROP DATABASE ' . backquote($db)); ?>&zero_rows=<?php echo urlencode($strDatabase . ' ' . htmlspecialchars(backquote($db)) . ' ' . $strHasBeenDropped); ?>&goto=main.php3&back=db_details.php3&reload=true">
<?php echo $strDropDB . ' ' . htmlspecialchars($db); ?></a> <?php echo $strDropDB . ' ' . htmlspecialchars($db); ?></a>
<?php echo show_docu('manual_Reference.html#DROP_DATABASE') . "\n"; ?> <?php echo show_docu('manual_Reference.html#DROP_DATABASE') . "\n"; ?>
</li> </li>
<?php
<?php
} }
echo "\n";
?> ?>
</ul> </ul>
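Review bot: The new `$is_superuser = (!empty($rows) || $rows != 0);` only establishes that the connected account can read `mysql.user`, so any account granted SELECT on the mysql database will see the Drop link (and, since the same test is used for enforcement in sql.php3/db_readdump.php3, will be allowed to run the drop) even with `$cfgAllowUserDropDatabase` left FALSE. If that approximation is intended, say so where the value is computed, e.g. `// "superuser" here means: can read mysql.user (any account with SELECT on mysql.* qualifies)`; otherwise the check should look at the account's own privileges rather than at a row count. Note that this hunk only hides a link; it is not the control, and the enclosing HTML/PHP block starts before and ends after the hunk.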


@@ -70,6 +70,21 @@ if (!empty($prev_sql_query)) {
} }
} }
// Drop database is not allowed -> ensure the query can be run
if (!$cfgAllowUserDropDatabase
&& eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
// Checks if the user is a Superuser
// TODO: set a global variable with this information
$result = mysql_query('SELECT * FROM mysql.user');
$rows = @mysql_num_rows($result);
// empty <> 0 for certain php3 releases
if (empty($rows) || $rows == 0) {
include('./header.inc.php3');
mysql_die($strNoDropDatabases);
}
}
define('PMA_CHK_DROP', 1);
// Copy the query, used for display purposes only // Copy the query, used for display purposes only
$sql_query_cpy = $sql_query; $sql_query_cpy = $sql_query;
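Review bot: The pattern `'DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE '` ends in a literal space, so `DROP DATABASE` followed by a tab, a newline or (presumably, not verified against MySQL of that era) a backtick-quoted name with no separator bypasses the restriction while still reaching the server; in addition MySQL's syntax is `DROP DATABASE [IF EXISTS] name`, so the optional group as written never matches real SQL (harmless, because the plain prefix still matches, but misleading). I would simplify to `eregi('DROP[[:space:]]+DATABASE([[:space:]]|`)', $sql_query)` and keep sql.php3's copy identical. A regex denylist cannot catch a statement hidden behind a comment or buried in a multi-statement dump, so a comment should make the limits explicit: `// Best-effort UI guard only: the real control is the account's DROP privilege on the server`.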


@@ -8,27 +8,23 @@
require('./grab_globals.inc.php3'); require('./grab_globals.inc.php3');
require('./lib.inc.php3'); require('./lib.inc.php3');
/**
* Check rights in case of DROP DATABASE
*/
if (eregi('DROP DATABASE', $sql_query)) { /**
// Check if the user is a Superuser - TODO: set a global variable with this information * Check rights in case of DROP DATABASE
*/
$is_superuser = FALSE; if (!is_defined('PMA_CHK_DROP')
&& !$cfgAllowUserDropDatabase
&& eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
// Checks if the user is a Superuser
// TODO: set a global variable with this information
$result = mysql_query('SELECT * FROM mysql.user'); $result = mysql_query('SELECT * FROM mysql.user');
$rows = @mysql_num_rows($result); $rows = @mysql_num_rows($result);
if (!empty($rows)) { $is_superuser = TRUE; } // empty <> 0 for certain php3 releases
if (empty($rows) || $rows == 0) {
if (!$cfgAllowUserDropDatabase && !$is_superuser) {
include('./header.inc.php3'); include('./header.inc.php3');
echo '<b>' . $strAccessDenied . '</b>' . "\n"; mysql_die($strNoDropDatabases);
require('./footer.inc.php3'); } // end if
exit(); } // end if
}
}
/** /**
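Review bot: `is_defined()` is not a PHP function — the built-in is `defined()` — so unless lib.inc.php3 (required just above, not visible here) declares a helper with that name, every request to sql.php3 dies with an undefined-function error, because that call is evaluated before the `&&` can short-circuit. The first condition should read `if (!defined('PMA_CHK_DROP')`. Separately, the ChangeLog entry lists `lang/*` as changed but the diffstat shows only four files, so confirm that `$strNoDropDatabases` passed to `mysql_die()` is actually defined in every language file, otherwise the denial message is empty. A short comment on the fail-closed behaviour would also help: `// An unset $cfgAllowUserDropDatabase is treated as FALSE, i.e. the check applies`.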