From d35c14a0a9126353971878cc3a34cb1764fb49fd Mon Sep 17 00:00:00 2001
From: Sebastian Mendel <cybot_tm@users.sourceforge.net>
Date: Fri, 9 Nov 2007 07:41:47 +0000
Subject: [PATCH] fixed possible SQL injection using database name

---
 ChangeLog             | 3 +++
 server_privileges.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 5200bff98..d67910e9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1826022 [privileges] unable to add user (MySQL 3.23) since PMA 2.11.2
 - bug #1823045 [import] Error importing file with lowercase "delimiter"
 
+2.11.2.1 (not yet released)
+- fixed possible SQL injection using database name
+
 2.11.2.0 (2007-10-27)
 - patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard
 + [lang] Serbian update, thanks to Mihailo Stefanovic 
diff --git a/server_privileges.php b/server_privileges.php
index 012a8d15d..23d174b98 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -2033,7 +2033,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
             .   PMA_convert_using('`Db`') . ' AS `Db`, '
             .   $list_of_privileges
             .' FROM `mysql`.`db`'
-            .' WHERE ' . PMA_convert_using($checkprivs, 'quoted')
+            .' WHERE ' . PMA_convert_using(PMA_sqlAddslashes($checkprivs), 'quoted')
             .' LIKE ' . PMA_convert_using('`Db`')
             .' AND NOT (' . $list_of_compared_privileges. ')) '
             .'UNION '