nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check the privileges of the anonymous user, too.

Browse Source
This commit is contained in:
Alexander M. Turek
2004-09-05 15:53:32 +00:00
parent dbcfed48a6
commit dcf17c1159
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -11,6 +11,7 @@ $Source$
* tbl_create.php: Use default tab.
* tbl_properties.inc.php: Don't offer the BINARY field attribute in
MySQL 4.1.
* main.php: Check the privileges of the anonymous user, too.
2004-09-05 Michal Čihař <michal@cihar.com>
* Documentation.html: Add information about theme versions and names.

4
main.php
View File

@@ -182,7 +182,7 @@ if ($server > 0) {
// (even if they cannot see the tables)
$is_superuser = PMA_DBI_try_query('SELECT COUNT(*) FROM mysql.user', $userlink, PMA_DBI_QUERY_STORE);
if ($dbh) {
$local_query = 'SELECT Create_priv, Reload_priv FROM mysql.user WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';';
$local_query = 'SELECT Create_priv, Reload_priv FROM mysql.user WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ';';
$rs_usr = PMA_DBI_try_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE);
if ($rs_usr) {
while ($result_usr = PMA_DBI_fetch_assoc($rs_usr)) {
@@ -201,7 +201,7 @@ if ($server > 0) {
// the first inexistant db name that we find, in most cases it's probably
// the one he just dropped :)
if (!$is_create_priv) {
$local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND ' . PMA_convert_using('User') . ' = ' .PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';';
$local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND (' . PMA_convert_using('User') . ' = ' .PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ');';
$rs_usr = PMA_DBI_try_query($local_query, $dbh, PMA_DBI_QUERY_STORE);
if ($rs_usr) {
$re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards