fixed possible SQL injection using database name

Sebastian Mendel
2007-11-09 07:41:47 +00:00
parent 37ca5ac56d
commit ace0569f94
2 changed files with 4 additions and 1 deletions


@@ -1993,7 +1993,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$sql_query =
'(SELECT ' . $list_of_privileges . ', `Db`'
.' FROM `mysql`.`db`'
.' WHERE \'' . $checkprivs . "'"
.' WHERE \'' . PMA_sqlAddslashes($checkprivs) . "'"
.' LIKE `Db`'
.' AND NOT (' . $list_of_compared_privileges. ')) '
.'UNION '
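Review bot: The escaping added on the `WHERE` line covers only this one use of `$checkprivs`, and the diffstat (a single deletion) suggests no other statement was touched, so any later query or output in this `if` block that uses the same variable should be checked; the block starts and ends outside the hunk. Here the value is the left operand of `LIKE` and the `Db` column is the pattern, so quote and backslash escaping is the right treatment, and additionally escaping `%`/`_` would alter the string being matched. A comment such as `// $checkprivs is the LIKE subject and the Db column is the pattern: escape quotes, not wildcards` would keep a later edit from changing that. `$list_of_privileges` and `$list_of_compared_privileges` are concatenated into the same statement and their origin is not visible here, so it is worth confirming they are built only from fixed column names.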