nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #687808

Browse Source
This commit is contained in:
Alexander M. Turek
2003-02-23 18:21:27 +00:00
parent f7721b7c75
commit deec72db89
3 changed files with 95 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ANNOUNCE.txt
View File

@@ -23,7 +23,7 @@ Announcement
the Web, and is now one of the most popular PHP script used the Web, and is now one of the most popular PHP script used
worldwide: more than 3.1 million download in the past year! worldwide: more than 3.1 million download in the past year!
SourceForge gave phpMyAdmin the "Project of the Month" award in SourceForge gave phpMyAdmin the "Project of the Month" award in
December: look at the article http://sourceforge.net/pom_1202.php December: look at the article http://sourceforge.net/pom_1202.php
to learn more about the project's history. to learn more about the project's history.
@@ -145,10 +145,11 @@ Support and Documentation
Known bugs Known bugs
---------- ----------
* Querying UNION SELECTs may result in php errors about undefined variables. * The total number of rows of UNION SELECT is not calculated correctly.
Furthermore, the total number of rows may be not calculated correctly, here. * Some users reported problems on machines running Zend Accelerator (TM).
* Some users reported problems on machines with Zend Accelerator (TM).
* The MySQL 4.1.x and php 5.0.x branches are not yet supported by phpMyAdmin. * The MySQL 4.1.x and php 5.0.x branches are not yet supported by phpMyAdmin.
* Displaying large exports may crash Microsoft Internet Explorer.
* When renaming tables or fields the relations set in phpMyAdmin are lost.
To be informed about new releases fixing these problems, please To be informed about new releases fixing these problems, please
subscribe to the news mailing list under subscribe to the news mailing list under

5
ChangeLog
View File

@@ -5,6 +5,11 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2003-02-23 Alexander M. Turek <rabus@users.sourceforge.net>
* server_privileges: Better code for "check privileges"; This should fix
bug #687808 and a few other problems.
* ANNOUNCE.txt: Updated list of known bugs.
2003-02-22 Marc Delisle <lem9@users.sourceforge.net> 2003-02-22 Marc Delisle <lem9@users.sourceforge.net>
* lang/italian update, thanks to Pietro Danesi * lang/italian update, thanks to Pietro Danesi
* lang/slovak update, thanks to Lubos Klokner * lang/slovak update, thanks to Lubos Klokner

181
server_privileges.php3
View File

@@ -1379,14 +1379,19 @@ if (empty($adduser) && empty($checkprivs)) {
. ' </th>' . "\n" . ' </th>' . "\n"
. ' </tr>' . "\n"; . ' </tr>' . "\n";
$useBgcolorOne = TRUE; $useBgcolorOne = TRUE;
unset($row);
unset($row1);
unset($row2);
// now, we build the table... // now, we build the table...
if (PMA_MYSQL_INT_VERSION >= 40000) { if (PMA_MYSQL_INT_VERSION >= 40000) {
// Starting with MySQL 4.0.0, we may use UNION SELECTs and this makes // Starting with MySQL 4.0.0, we may use UNION SELECTs and this makes
// the job much easier here! // the job much easier here!
$sql_query = '(SELECT `User`, `Host`, `Db`, `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Create_priv`, `Drop_priv`, `Grant_priv`, `References_priv` FROM `db` WHERE "' . $checkprivs . '" LIKE `Db` AND NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" AND `Grant_priv` = "N" AND `References_priv` = "N")) UNION (SELECT `User`, `Host`, "*" AS "Db", `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Create_priv`, `Drop_priv`, `Grant_priv`, `References_priv` FROM `user` WHERE NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" AND `Grant_priv` = "N" AND `References_priv` = "N")) ORDER BY `User` ASC, `Host` ASC, `Db` ASC;'; $sql_query = '(SELECT `User`, `Host`, `Db`, `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Create_priv`, `Drop_priv`, `Grant_priv`, `References_priv` FROM `db` WHERE "' . $checkprivs . '" LIKE `Db` AND NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" AND `Grant_priv` = "N" AND `References_priv` = "N")) UNION (SELECT `User`, `Host`, "*" AS "Db", `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Create_priv`, `Drop_priv`, `Grant_priv`, `References_priv` FROM `user` WHERE NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" AND `Grant_priv` = "N" AND `References_priv` = "N")) ORDER BY `User` ASC, `Host` ASC, `Db` ASC;';
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
$row1 = PMA_mysql_fetch_array($res, MYSQL_ASSOC); $row = PMA_mysql_fetch_array($res, MYSQL_ASSOC);
$row2 = PMA_mysql_fetch_array($res, MYSQL_ASSOC); if ($row) {
$found = TRUE;
}
} else { } else {
// With MySQL 3, we need 2 seperate queries here. // With MySQL 3, we need 2 seperate queries here.
$sql_query = 'SELECT * FROM `user` WHERE NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" ' . (PMA_MYSQL_INT_VERSION >= 32211 ? 'AND `Grant_priv` = "N" ' : '') . 'AND `References_priv` = "N") ORDER BY `User` ASC, `Host` ASC;'; $sql_query = 'SELECT * FROM `user` WHERE NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" ' . (PMA_MYSQL_INT_VERSION >= 32211 ? 'AND `Grant_priv` = "N" ' : '') . 'AND `References_priv` = "N") ORDER BY `User` ASC, `Host` ASC;';
@@ -1394,112 +1399,96 @@ if (empty($adduser) && empty($checkprivs)) {
$row1 = PMA_mysql_fetch_array($res1, MYSQL_ASSOC); $row1 = PMA_mysql_fetch_array($res1, MYSQL_ASSOC);
$sql_query = 'SELECT * FROM `db` WHERE "' . $checkprivs . '" LIKE `Db` AND NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" ' . (PMA_MYSQL_INT_VERSION >= 32211 ? 'AND `Grant_priv` = "N" ' : '') . 'AND `References_priv` = "N") ORDER BY `User` ASC, `Host` ASC;'; $sql_query = 'SELECT * FROM `db` WHERE "' . $checkprivs . '" LIKE `Db` AND NOT (`Select_priv` = "N" AND `Insert_priv` = "N" AND `Update_priv` = "N" AND `Delete_priv` = "N" AND `Create_priv` = "N" AND `Drop_priv` = "N" ' . (PMA_MYSQL_INT_VERSION >= 32211 ? 'AND `Grant_priv` = "N" ' : '') . 'AND `References_priv` = "N") ORDER BY `User` ASC, `Host` ASC;';
$res2 = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); $res2 = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
$row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC); $row2 = PMA_mysql_fetch_array($res1, MYSQL_ASSOC);
if ($row1 || $row2) {
$found = TRUE;
}
} // end if (PMA_MYSQL_INT_VERSION >= 40000) ... else ... } // end if (PMA_MYSQL_INT_VERSION >= 40000) ... else ...
while (!empty($row1) || !empty($row2)) { if ($found) {
echo ' <tr>' . "\n"; while (TRUE) {
if (!empty($row1) && !empty($row2) && $row1['User'] == $row2['User'] && $row1['Host'] == $row2['Host']) { // prepare the current user
$useRow1 = $useRow2 = TRUE; if (PMA_MYSQL_INT_VERSION >= 40000) {
echo ' <td rowspan="2" bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" $current_privileges = array();
. ' ' . (empty($row1['User']) ? '<span style="color: #FF0000">' . $strAny . '</span>' : htmlspecialchars($row1['User'])) . "\n" $current_user = $row['User'];
. ' </td>' . "\n" $current_host = $row['Host'];
. ' <td rowspan="2" bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" while ($row && $current_user == $row['User'] && $current_host == $row['Host']) {
. ' ' . htmlspecialchars($row1['Host']) . "\n" $current_privileges[] = $row;
. ' </td>' . "\n"; $row = PMA_mysql_fetch_array($res, MYSQL_ASSOC);
} else if (PMA_MYSQL_INT_VERSION >= 40000 || empty($row2) || $row1['User'] < $row2['User'] || ($row1['User'] == $row2['User'] && $row1['Host'] < $row2['Host'])) { }
$useRow1 = TRUE;
$useRow2 = FALSE;
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . (empty($row1['User']) ? '<span style="color: #FF0000">' . $strAny . '</span>' : htmlspecialchars($row1['User'])) . "\n"
. ' </td>' . "\n"
. ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . htmlspecialchars($row1['Host']) . "\n"
. ' </td>' . "\n";
} else {
$useRow1 = FALSE;
$useRow2 = TRUE;
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . (empty($row2['User']) ? '<span style="color: #FF0000">' . $strAny . '</span>' : htmlspecialchars($row2['User'])) . "\n"
. ' </td>' . "\n"
. ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . htmlspecialchars($row2['Host']) . "\n"
. ' </td>' . "\n";
}
if ($useRow1) {
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ';
if (!isset($row1['Db']) || $row1['Db'] == '*') {
echo $strGlobal;
} else if ($row1['Db'] == $checkprivs) {
echo $strDbSpecific;
} else { } else {
echo $strWildcard, ': <tt>' . htmlspecialchars($row1['Db']) . '</tt>'; $current_privileges = array();
if ($row1 && (!$row2 || ($row1['User'] < $row2['User'] || ($row1['User'] == $row2['User'] && $row1['Host'] <= $row2['Host'])))) {
$current_user = $row1['User'];
$current_host = $row1['Host'];
$current_privileges = array($row1);
$row1 = PMA_mysql_fetch_array($res1, MYSQL_ASSOC);
} else {
$current_user = $row2['User'];
$current_host = $row2['Host'];
$current_privileges = array();
}
while ($row2 && $current_user == $row2['User'] && $current_host == $row2['Host']) {
$current_privileges[] = $row2;
$row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC);
}
} }
echo "\n" echo ' <tr>' . "\n"
. ' <td';
if (count($current_privileges) > 1) {
echo ' rowspan="' . count($current_privileges) . '"';
}
echo ' bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . (empty($current_user) ? '<span style="color: #FF0000">' . $strAny . '</span>' : htmlspecialchars($current_user)) . "\n"
. ' </td>' . "\n" . ' </td>' . "\n"
. ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" . ' <td';
. ' <tt>' . "\n" if (count($current_privileges) > 1) {
. ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($row1, TRUE)) . "\n" echo ' rowspan="' . count($current_privileges) . '"';
. ' <tt>' . "\n" }
echo ' bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . htmlspecialchars($current_host) . "\n"
. ' </td>' . "\n"; . ' </td>' . "\n";
if (PMA_MYSQL_INT_VERSION >= 32211) { while (list(, $current) = each($current_privileges)) {
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . ($row1['Grant_priv'] == 'Y' ? $strYes : $strNo) . "\n" . ' ';
if (!isset($current['Db']) || $current['Db'] == '*') {
echo $strGlobal;
} else if ($current['Db'] == $checkprivs) {
echo $strDbSpecific;
} else {
echo $strWildcard, ': <tt>' . htmlspecialchars($current['Db']) . '</tt>';
}
echo "\n"
. ' </td>' . "\n"
. ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' <tt>' . "\n"
. ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($current, TRUE)) . "\n"
. ' <tt>' . "\n"
. ' </td>' . "\n"; . ' </td>' . "\n";
} if (PMA_MYSQL_INT_VERSION >= 32211) {
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' <a href="./server_privileges.php3?' . $url_query . '&amp;username=' . urlencode($row1['User']) . ($row1['Host'] == '%' ? '' : '&amp;hostname=' . urlencode($row1['Host'])) . (!isset($row1['Db']) || $row1['Db'] == '*' ? '' : '&amp;dbname=' . urlencode($row1['Db'])) . '">' . "\n" . ' ' . ($current['Grant_priv'] == 'Y' ? $strYes : $strNo) . "\n"
. ' ' . $strEdit . "\n" . ' </td>' . "\n";
. ' </a>' . "\n" }
. ' </td>' . "\n"
. ' </tr>' . "\n";
if (PMA_MYSQL_INT_VERSION < 40000) {
$row1 = PMA_mysql_fetch_array($res1, MYSQL_ASSOC);
}
}
if ($useRow2) {
if ($useRow1) {
echo ' <tr>' . "\n";
}
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ';
if (!isset($row2['Db']) || $row2['Db'] == '*') {
echo $strGlobal;
} else if ($row2['Db'] == $checkprivs) {
echo $strDbSpecific;
} else {
echo $strWildcard, ': <tt>' . htmlspecialchars($row2['Db']) . '</tt>';
}
echo "\n"
. ' </td>' . "\n"
. ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' <tt>' . "\n"
. ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($row2, TRUE)) . "\n"
. ' </tt>' . "\n"
. ' </td>' . "\n";
if (PMA_MYSQL_INT_VERSION >= 32211) {
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n"
. ' ' . ($row2['Grant_priv'] == 'Y' ? $strYes : $strNo) . "\n" . ' <a href="./server_privileges.php3?' . $url_query . '&amp;username=' . urlencode($current_user) . ($current_host == '%' ? '' : '&amp;hostname=' . urlencode($current_host)) . (!isset($current['Db']) || $current['Db'] == '*' ? '' : '&amp;dbname=' . urlencode($current['Db'])) . '">' . "\n"
. ' </td>' . "\n"; . ' ' . $strEdit . "\n"
. ' </a>' . "\n"
. ' </td>' . "\n"
. ' </tr>' . "\n";
} }
echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" if (empty($row) && empty($row1) && empty($row2)) {
. ' <a href="./server_privileges.php3?' . $url_query . '&amp;username=' . urlencode($row2['User']) . ($row2['Host'] == '%' ? '' : '&amp;hostname=' . urlencode($row2['Host'])) . (!isset($row2['Db']) || $row2['Db'] == '*' ? '' : '&amp;dbname=' . urlencode($row2['Db'])) . '">' . "\n" break;
. ' ' . $strEdit . "\n"
. ' </a>' . "\n"
. ' </td>' . "\n"
. ' </tr>' . "\n";
if (PMA_MYSQL_INT_VERSION < 40000) {
$row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC);
} else {
$row1 = PMA_mysql_fetch_array($res, MYSQL_ASSOC);
$row2 = PMA_mysql_fetch_array($res, MYSQL_ASSOC);
} }
} else if (PMA_MYSQL_INT_VERSION >= 40000) { $useBgcolorOne = !$useBgcolorOne;
$row1 = $row2;
$row2 = PMA_mysql_fetch_array($res, MYSQL_ASSOC);
} }
$useBgcolorOne = !$useBgcolorOne; } else {
echo ' <tr>' . "\n"
. ' <td colspan="' . (PMA_MYSQL_INT_VERSION >= 32211 ? '5' : '6') . '" bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. ' ' . $strNoUsersFound . "\n"
. ' </td>' . "\n"
. ' </tr>' . "\n";
} }
echo '</table>' . "\n";
} // end if (empty($adduser) && empty($checkprivs)) ... else if ... else ... } // end if (empty($adduser) && empty($checkprivs)) ... else if ... else ...