bug #688255 Can't edit priv. when different host in db and user

Sebastian Mendel
2005-10-27 20:49:15 +00:00
parent dfab220458
commit ce7425d598
2 changed files with 123 additions and 50 deletions


@@ -29,6 +29,8 @@ $Source$
- use db_name LIKE REPLACE( mysql.db.Db, \_, _ ) - use db_name LIKE REPLACE( mysql.db.Db, \_, _ )
* libraries/grab_globals.lib.php: [XSS] clean $_SERVER variables * libraries/grab_globals.lib.php: [XSS] clean $_SERVER variables
* left.php, libraries/common.lib.php: format rowcount in left frame * left.php, libraries/common.lib.php: format rowcount in left frame
* server_privileges.php:
bug #688255 Can't edit priv. when different host in db and user
2005-10-26 Marc Delisle <lem9@users.sourceforge.net> 2005-10-26 Marc Delisle <lem9@users.sourceforge.net>
* lang/french* updates * lang/french* updates


@@ -521,8 +521,7 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
* *
* @return void * @return void
*/ */
function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) {
{
$spaces = str_repeat( ' ', $indent); $spaces = str_repeat( ' ', $indent);
// Get user/host name lengths // Get user/host name lengths
@@ -542,6 +541,9 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 )
} }
unset($fields_info); unset($fields_info);
if ( isset( $GLOBALS['username'] ) && strlen( $GLOBALS['username'] ) === 0 ) {
$GLOBALS['pred_username'] = 'any';
}
echo $spaces . '<fieldset id="fieldset_add_user_login">' . "\n" echo $spaces . '<fieldset id="fieldset_add_user_login">' . "\n"
. $spaces . '<legend>' . $GLOBALS['strLoginInformation'] . '</legend>' . "\n" . $spaces . '<legend>' . $GLOBALS['strLoginInformation'] . '</legend>' . "\n"
. $spaces . '<div class="item">' . "\n" . $spaces . '<div class="item">' . "\n"
@@ -613,8 +615,12 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 )
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '"' . "\n" . $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n" . $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n"
. ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '') . ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '')
. $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n" . $spaces . ' <option value="none"';
. $spaces . ' <option value="userdefined"' . ($mode == 'change' ? '' : ' selected="selected"') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n" if ( isset( $GLOBALS['username'] ) && $mode != 'change' ) {
echo ' selected="selected"';
}
echo $spaces . '>' . $GLOBALS['strNoPassword'] . '</option>' . "\n"
. $spaces . ' <option value="userdefined"' . ( isset( $GLOBALS['username'] ) ? '' : ' selected="selected"') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
. $spaces . ' </select>' . "\n" . $spaces . ' </select>' . "\n"
. $spaces . '</span>' . "\n" . $spaces . '</span>' . "\n"
. $spaces . '<input type="password" name="pma_pw" class="textfield" title="' . $GLOBALS['strPassword'] . '" onchange="pred_password.value = \'userdefined\';" />' . "\n" . $spaces . '<input type="password" name="pma_pw" class="textfield" title="' . $GLOBALS['strPassword'] . '" onchange="pred_password.value = \'userdefined\';" />' . "\n"
@@ -623,7 +629,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 )
. $spaces . '<label for="text_pma_pw2">' . "\n" . $spaces . '<label for="text_pma_pw2">' . "\n"
. $spaces . ' ' . $GLOBALS['strReType'] . ':' . "\n" . $spaces . ' ' . $GLOBALS['strReType'] . ':' . "\n"
. $spaces . '</label>' . "\n" . $spaces . '</label>' . "\n"
. $spaces . '<span class="options"></span>' . "\n" . $spaces . '<span class="options">&nbsp;</span>' . "\n"
. $spaces . '<input type="password" name="pma_pw2" id="text_pma_pw2" class="textfield" title="' . $GLOBALS['strReType'] . '" onchange="pred_password.value = \'userdefined\';" />' . "\n" . $spaces . '<input type="password" name="pma_pw2" id="text_pma_pw2" class="textfield" title="' . $GLOBALS['strReType'] . '" onchange="pred_password.value = \'userdefined\';" />' . "\n"
. $spaces . '</div>' . "\n" . $spaces . '</div>' . "\n"
. $spaces . '<div class="item">' . "\n" . $spaces . '<div class="item">' . "\n"
@@ -1266,33 +1272,87 @@ if (empty($adduser) && empty($checkprivs)) {
} }
} else { } else {
// we also want users not in table `user` but in other table
$tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;');
$db_rights_sqls = array();
$db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`user` ';
if ( in_array( 'db', $tables ) ) {
$db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`db` ';
}
if ( in_array( 'tables_priv', $tables ) ) {
$db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`tables_priv`';
}
if ( in_array( 'columns_priv', $tables ) ) {
$db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`columns_priv`';
}
$user_defaults = array(
'User' => '',
'Host' => '%',
'Password' => 'N',
'Grant_priv' => 'N',
'privs' => array( 'USAGE' ),
);
// for all initials, even non A-Z
$array_initials = array();
// for the rights
$db_rights = array();
if ( PMA_MYSQL_INT_VERSION >= 40000 ) {
$db_rights_sql = '(' . implode( ') UNION DISTINCT (', $db_rights_sqls ) . ')'
.' ORDER BY `User` ASC, `Host` ASC';
$db_rights_result = PMA_DBI_query( $db_rights_sql );
while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) {
$db_rights_row = array_merge( $user_defaults, $db_rights_row );
$db_rights[$db_rights_row['User']][$db_rights_row['Host']] =
$db_rights_row;
if ( ! empty( $db_rights_row['User'] ) ) {
$letter = strtoupper( $db_rights_row['User']{0} );
$array_initials[$letter] = true;
}
}
} else {
foreach ( $db_rights_sqls as $db_rights_sql ) {
$db_rights_result = PMA_DBI_query( $db_rights_sql );
while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) {
$db_rights_row = array_merge( $user_defaults, $db_rights_row );
$db_rights[$db_rights_row['User']][$db_rights_row['Host']] =
$db_rights_row;
if ( ! empty( $db_rights_row['User'] ) ) {
$letter = strtoupper( $db_rights_row['User']{0} );
$array_initials[$letter] = true;
}
}
}
}
PMA_DBI_free_result( $db_rights_result );
unset( $db_rights_sql, $db_rights_sqls, $db_rights_result, $db_rights_row );
ksort( $db_rights );
/** /**
* Displays the initials * Displays the initials
*/ */
// for all initials, even non A-Z
$array_initials = array();
// initialize to FALSE the letters A-Z // initialize to FALSE the letters A-Z
for ($letter_counter = 1; $letter_counter < 27; $letter_counter++) { for ($letter_counter = 1; $letter_counter < 27; $letter_counter++) {
if ( ! isset( $array_initials[chr($letter_counter + 64)] ) ) {
$array_initials[chr($letter_counter + 64)] = FALSE; $array_initials[chr($letter_counter + 64)] = FALSE;
} }
$initials = PMA_DBI_try_query('SELECT DISTINCT UPPER(LEFT(' . PMA_convert_using('User') . ',1)) FROM `mysql`.`user` ORDER BY `User` ASC', NULL, PMA_DBI_QUERY_STORE);
while (list($tmp_initial) = PMA_DBI_fetch_row($initials)) {
$array_initials[$tmp_initial] = TRUE;
} }
// Display the initials, which can be any characters, not // Display the initials, which can be any characters, not
// just letters. For letters A-Z, we add the non-used letters // just letters. For letters A-Z, we add the non-used letters
// as greyed out. // as greyed out.
uksort($array_initials, "strnatcasecmp"); uksort( $array_initials, "strnatcasecmp" );
reset($array_initials);
echo '<table cellspacing="5" style="font-size:' . $font_bigger . '"><tr>'; echo '<table cellspacing="5" style="font-size:' . $font_bigger . '"><tr>';
foreach ($array_initials as $tmp_initial => $initial_was_found) { foreach ($array_initials as $tmp_initial => $initial_was_found) {
if ($initial_was_found) { if ($initial_was_found) {
echo '<td><a href="' . $PHP_SELF . '?' . $GLOBALS['url_query'] . '&amp;initial=' . urlencode($tmp_initial) . '">' . $tmp_initial . '</a></td>' . "\n"; echo '<td><a href="' . $PHP_SELF . '?' . $GLOBALS['url_query'] . '&amp;initial=' . urlencode($tmp_initial) . '">' . $tmp_initial . '</a></td>' . "\n";
} else { } else {
@@ -1309,6 +1369,13 @@ if (empty($adduser) && empty($checkprivs)) {
if (isset($initial) || isset($showall) || PMA_DBI_num_rows($res) < 50) { if (isset($initial) || isset($showall) || PMA_DBI_num_rows($res) < 50) {
while ( $row = PMA_DBI_fetch_assoc( $res ) ) {
$row['privs'] = PMA_extractPrivInfo( $row, true );
$db_rights[$row['User']][$row['Host']] = $row;
}
@PMA_DBI_free_result( $res );
unset( $res );
echo '<form name="usersForm" action="server_privileges.php" method="post">' . "\n" echo '<form name="usersForm" action="server_privileges.php" method="post">' . "\n"
. PMA_generate_common_hidden_inputs('', '', 1) . PMA_generate_common_hidden_inputs('', '', 1)
. ' <table id="tableuserrights" class="data">' . "\n" . ' <table id="tableuserrights" class="data">' . "\n"
@@ -1324,27 +1391,27 @@ if (empty($adduser) && empty($checkprivs)) {
echo ' </thead>' . "\n"; echo ' </thead>' . "\n";
echo ' <tbody>' . "\n"; echo ' <tbody>' . "\n";
$odd_row = true; $odd_row = true;
for ($i = 0; $row = PMA_DBI_fetch_assoc($res); $i++) { foreach ( $db_rights as $user ) {
ksort( $user );
foreach ( $user as $host ) {
echo ' <tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n" echo ' <tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
. ' <td><input type="checkbox" name="selected_usr[]" id="checkbox_sel_users_' . $i . '" value="' . str_replace( chr(27), '&#27;', htmlentities($row['User'] . $user_host_separator . $row['Host'] ) ) . '"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' /></td>' . "\n" . ' <td><input type="checkbox" name="selected_usr[]" id="checkbox_sel_users_' . $i . '" value="' . str_replace( chr(27), '&#27;', htmlentities($host['User'] . $user_host_separator . $host['Host'] ) ) . '"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' /></td>' . "\n"
. ' <td><label for="checkbox_sel_users_' . $i . '">' . (empty($row['User']) ? '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>' : htmlspecialchars($row['User'])) . '</label></td>' . "\n" . ' <td><label for="checkbox_sel_users_' . $i . '">' . (empty($host['User']) ? '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>' : htmlspecialchars($host['User'])) . '</label></td>' . "\n"
. ' <td>' . htmlspecialchars($row['Host']) . '</td>' . "\n"; . ' <td>' . htmlspecialchars($host['Host']) . '</td>' . "\n";
$privs = PMA_extractPrivInfo($row, TRUE); echo ' <td>' . ($host['Password'] == 'Y' ? $GLOBALS['strYes'] : '<span style="color: #FF0000">' . $GLOBALS['strNo'] . '</span>') . '</td>' . "\n"
echo ' <td>' . ($row['Password'] == 'Y' ? $GLOBALS['strYes'] : '<span style="color: #FF0000">' . $GLOBALS['strNo'] . '</span>') . '</td>' . "\n"
. ' <td><tt>' . "\n" . ' <td><tt>' . "\n"
. ' ' . join(',' . "\n" . ' ', $privs) . "\n" . ' ' . implode( ',' . "\n" . ' ', $host['privs'] ) . "\n"
. ' </tt></td>' . "\n" . ' </tt></td>' . "\n"
. ' <td>' . ($row['Grant_priv'] == 'Y' ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . '</td>' . "\n" . ' <td>' . ($host['Grant_priv'] == 'Y' ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . '</td>' . "\n"
. ' <td align="center">'; . ' <td align="center">';
printf( $link_edit, urlencode( $row['User'] ), printf( $link_edit, urlencode( $host['User'] ),
urlencode( $row['Host'] ), '', '' ); urlencode( $host['Host'] ), '', '' );
echo '</td>' . "\n" echo '</td>' . "\n"
. ' </tr>' . "\n"; . ' </tr>' . "\n";
$odd_row = ! $odd_row; $odd_row = ! $odd_row;
} }
@PMA_DBI_free_result($res); }
unset($res); unset( $user, $host, $odd_row );
unset ($row);
echo ' <tr><td></td>' . "\n" echo ' <tr><td></td>' . "\n"
. ' <td colspan="5">' . "\n" . ' <td colspan="5">' . "\n"
. ' <i>' . $GLOBALS['strEnglishPrivileges'] . '</i>' . "\n" . ' <i>' . $GLOBALS['strEnglishPrivileges'] . '</i>' . "\n"
@@ -1422,12 +1489,14 @@ if (empty($adduser) && empty($checkprivs)) {
} }
echo ' : ' . $GLOBALS['strEditPrivileges'] . '</h2>' . "\n"; echo ' : ' . $GLOBALS['strEditPrivileges'] . '</h2>' . "\n";
$res = PMA_DBI_query('SELECT \'foo\' FROM `mysql`.`user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';', NULL, PMA_DBI_QUERY_STORE); $res = PMA_DBI_query('SELECT \'foo\' FROM `mysql`.`user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';', NULL, PMA_DBI_QUERY_STORE);
if (PMA_DBI_num_rows($res) < 1) { $user_does_not_exists = (PMA_DBI_num_rows( $res ) < 1);
echo $GLOBALS['strUserNotFound'];
require_once('./footer.inc.php');
}
PMA_DBI_free_result($res); PMA_DBI_free_result($res);
unset($res); unset($res);
if ( $user_does_not_exists ) {
echo $GLOBALS['strUserNotFound'];
PMA_displayLoginInformationFields();
//require_once('./footer.inc.php');
}
echo '<form name="usersForm" action="server_privileges.php" method="post">' . "\n" echo '<form name="usersForm" action="server_privileges.php" method="post">' . "\n"
. PMA_generate_common_hidden_inputs('', '', 3) . PMA_generate_common_hidden_inputs('', '', 3)
. '<input type="hidden" name="username" value="' . htmlspecialchars($username) . '" />' . "\n" . '<input type="hidden" name="username" value="' . htmlspecialchars($username) . '" />' . "\n"
@@ -1440,6 +1509,7 @@ if (empty($adduser) && empty($checkprivs)) {
} }
PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3); PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3);
echo '</form>' . "\n"; echo '</form>' . "\n";
if (empty($tablename)) { if (empty($tablename)) {
echo '<form action="server_privileges.php" method="post">' . "\n" echo '<form action="server_privileges.php" method="post">' . "\n"
. PMA_generate_common_hidden_inputs('', '', 6) . PMA_generate_common_hidden_inputs('', '', 6)
@@ -1640,7 +1710,8 @@ if (empty($adduser) && empty($checkprivs)) {
. '</fieldset>' . "\n" . '</fieldset>' . "\n"
. '</form>' . "\n"; . '</form>' . "\n";
} }
if (empty($dbname)) {
if ( empty($dbname) && ! $user_does_not_exists ) {
echo '<form action="server_privileges.php" method="post" onsubmit="return checkPassword(this);">' . "\n" echo '<form action="server_privileges.php" method="post" onsubmit="return checkPassword(this);">' . "\n"
. PMA_generate_common_hidden_inputs('', '', 3) . PMA_generate_common_hidden_inputs('', '', 3)
. '<input type="hidden" name="username" value="' . htmlspecialchars($username) . '" />' . "\n" . '<input type="hidden" name="username" value="' . htmlspecialchars($username) . '" />' . "\n"
@@ -1697,7 +1768,7 @@ if (empty($adduser) && empty($checkprivs)) {
. '</form>' . "\n"; . '</form>' . "\n";
} }
} }
} else if (!empty($adduser)) { } elseif (!empty($adduser)) {
// Add a new user // Add a new user
$GLOBALS['url_query'] .= '&amp;adduser=1'; $GLOBALS['url_query'] .= '&amp;adduser=1';
echo '<h2>' . "\n" echo '<h2>' . "\n"
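Review bot: In the `pred_password` select of PMA_displayLoginInformationFields (hunk at -613/+615), the added `if ( isset( $GLOBALS['username'] ) && $mode != 'change' )` pre-selects the `none` option, so whenever a username is already set the form defaults to an account without a password. That appears to be the case for the new call `PMA_displayLoginInformationFields();` in the user-not-found branch, which runs in the default `'new'` mode on the edit page where `$username` is already in use. A safer default is to never pre-select `none` and to keep the text field selected outside change mode, i.e. drop the added `if` and keep `' <option value="userdefined"' . ($mode == 'change' ? '' : ' selected="selected"') . '>'`, so that "no password" has to be chosen explicitly. Also, as far as the hunk shows, that call echoes the login fields before `<form name="usersForm" ...>` is opened, so they may not be submitted with it. The function body and the surrounding script continue outside the hunks.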