nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed possible SQL injection using database name

Browse Source
This commit is contained in:
Sebastian Mendel
2007-11-09 07:41:47 +00:00
parent 37ca5ac56d
commit ace0569f94
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -33,6 +33,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1826022 [privileges] unable to add user (MySQL 3.23) since PMA 2.11.2 - bug #1826022 [privileges] unable to add user (MySQL 3.23) since PMA 2.11.2
- bug #1823045 [import] Error importing file with lowercase "delimiter" - bug #1823045 [import] Error importing file with lowercase "delimiter"
2.11.2.1 (not yet released)
- fixed possible SQL injection using database name
2.11.2.0 (2007-10-27) 2.11.2.0 (2007-10-27)
- patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard - patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard
+ [lang] Serbian update, thanks to Mihailo Stefanovic + [lang] Serbian update, thanks to Mihailo Stefanovic

2
server_privileges.php
View File

@@ -1993,7 +1993,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$sql_query = $sql_query =
'(SELECT ' . $list_of_privileges . ', `Db`' '(SELECT ' . $list_of_privileges . ', `Db`'
.' FROM `mysql`.`db`' .' FROM `mysql`.`db`'
.' WHERE \'' . $checkprivs . "'" .' WHERE \'' . PMA_sqlAddslashes($checkprivs) . "'"
.' LIKE `Db`' .' LIKE `Db`'
.' AND NOT (' . $list_of_compared_privileges. ')) ' .' AND NOT (' . $list_of_compared_privileges. ')) '
.'UNION ' .'UNION '