bug #1311384, Create table dialog on escaped wildcard privileges
This commit is contained in:
Marc Delisle
@@ -12,6 +12,8 @@ $Source$
|
|||||||
thanks to Vernon Lyon - vlyon
|
thanks to Vernon Lyon - vlyon
|
||||||
* libraries/charset_conversion.lib.php: PMA_MYSQL_INT_VERSION is not
|
* libraries/charset_conversion.lib.php: PMA_MYSQL_INT_VERSION is not
|
||||||
defined at login time but what tested
|
defined at login time but what tested
|
||||||
|
* libraries/display_create_table.lib.php, bug #1311384, Create table
|
||||||
|
dialog on escaped wildcard privileges
|
||||||
|
|
||||||
2005-10-04 Sebastian Mendel <cybot_tm@users.sourceforge.net>
|
2005-10-04 Sebastian Mendel <cybot_tm@users.sourceforge.net>
|
||||||
* libraries/functions.js, libraries/sql_query_form.lib.php:
|
* libraries/functions.js, libraries/sql_query_form.lib.php:
|
||||||
|
|||||||
@@ -7,24 +7,66 @@
|
|||||||
require_once('./libraries/check_user_privileges.lib.php');
|
require_once('./libraries/check_user_privileges.lib.php');
|
||||||
|
|
||||||
$is_create_table_priv = FALSE;
|
$is_create_table_priv = FALSE;
|
||||||
// TODO: escaped wildcard patterns
|
|
||||||
$mysql_wildcards = array('%','_');
|
|
||||||
$preg_patterns = array('(.*)', '.');
|
|
||||||
|
|
||||||
foreach($dbs_where_create_table_allowed as $allowed_db) {
|
foreach($dbs_where_create_table_allowed as $allowed_db) {
|
||||||
|
|
||||||
|
// if we find the exact db name, we stop here
|
||||||
|
if ($allowed_db == $db) {
|
||||||
|
$is_create_table_priv = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
// '*' indicates a global CREATE priv
|
// '*' indicates a global CREATE priv
|
||||||
if ($allowed_db == '*') {
|
if ($allowed_db == '*') {
|
||||||
$is_create_table_priv = TRUE;
|
$is_create_table_priv = TRUE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ereg('%|_', $allowed_db)) {
|
||||||
|
// take care of wildcards and escaped wildcards,
|
||||||
|
// transforming them into regexp patterns
|
||||||
|
$max_position = strlen($allowed_db) - 1;
|
||||||
|
$i = 0;
|
||||||
|
$pattern = '';
|
||||||
|
while ($i <= $max_position) {
|
||||||
|
if ($allowed_db[$i] == '\\'){
|
||||||
|
if ($i < $max_position - 1 && $allowed_db[$i+1] == '_'){
|
||||||
|
$chunk = '_';
|
||||||
|
$i++;
|
||||||
|
} elseif ($i < $max_position - 1 && $allowed_db[$i+1] == '%'){
|
||||||
|
$chunk = '%';
|
||||||
|
$i++;
|
||||||
|
} else {
|
||||||
|
$chunk = $allowed_db[$i];
|
||||||
|
}
|
||||||
|
} elseif ($allowed_db[$i] == '_'){
|
||||||
|
$chunk = '.';
|
||||||
|
} elseif ($allowed_db[$i] == '%'){
|
||||||
|
$chunk = '(.)*';
|
||||||
|
} else {
|
||||||
|
$chunk = $allowed_db[$i];
|
||||||
|
}
|
||||||
|
$pattern .= $chunk;
|
||||||
|
$i++;
|
||||||
|
} // end while
|
||||||
|
unset($i, $max_position, $chunk);
|
||||||
|
|
||||||
$matches = '';
|
$matches = '';
|
||||||
if (preg_match('@' .str_replace($mysql_wildcards, $preg_patterns, $allowed_db) . '@i', $db, $matches)) {
|
if (preg_match('@' .$pattern . '@i', $db, $matches)) {
|
||||||
if ($matches[0] == $db) {
|
if ($matches[0] == $db) {
|
||||||
$is_create_table_priv = TRUE;
|
$is_create_table_priv = TRUE;
|
||||||
break;
|
break;
|
||||||
|
//TODO: maybe receive in $allowed_db also the db names
|
||||||
|
// on which we cannot CREATE, and check them
|
||||||
|
// in this foreach, because if a user is allowed to CREATE
|
||||||
|
// on db foo% but forbidden on db foobar, he should not
|
||||||
|
// see the Create table dialog
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} // end foreach
|
||||||
|
unset($i, $max_position, $chunk, $pattern);
|
||||||
|
|
||||||
if ($is_create_table_priv) {
|
if ($is_create_table_priv) {
|
||||||
?>
|
?>
|
||||||
<!-- Create a new table -->
|
<!-- Create a new table -->
|
||||||
|
|||||||
Reference in New Issue
Block a user