From ace0569f9430b65d52f8b341a5a6ed70b4eca33f Mon Sep 17 00:00:00 2001 From: Sebastian Mendel Date: Fri, 9 Nov 2007 07:41:47 +0000 Subject: [PATCH] fixed possible SQL injection using database name --- ChangeLog | 3 +++ server_privileges.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bfb2ce961..a67ee7d05 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - bug #1826022 [privileges] unable to add user (MySQL 3.23) since PMA 2.11.2 - bug #1823045 [import] Error importing file with lowercase "delimiter" +2.11.2.1 (not yet released) +- fixed possible SQL injection using database name + 2.11.2.0 (2007-10-27) - patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard + [lang] Serbian update, thanks to Mihailo Stefanovic diff --git a/server_privileges.php b/server_privileges.php index 54856e267..6681d833f 100644 --- a/server_privileges.php +++ b/server_privileges.php @@ -1993,7 +1993,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs $sql_query = '(SELECT ' . $list_of_privileges . ', `Db`' .' FROM `mysql`.`db`' - .' WHERE \'' . $checkprivs . "'" + .' WHERE \'' . PMA_sqlAddslashes($checkprivs) . "'" .' LIKE `Db`' .' AND NOT (' . $list_of_compared_privileges. ')) ' .'UNION '