improved escaping, thanks to Herman van Rink

This commit is contained in:
Marc Delisle
2009-10-12 21:53:01 +00:00
parent 8ec5434999
commit e22d2204e5


@@ -373,7 +373,7 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE)
.' AND `Host`'
.' = \'' . PMA_sqlAddslashes($hostname) . "'"
.' AND `Db`'
.' = \'' . PMA_unescape_mysql_wildcards($db) . "'"
.' = \'' . PMA_sqlAddslashes(PMA_unescape_mysql_wildcards($db)) . "'"
.' AND `Table_name`'
.' = \'' . PMA_sqlAddslashes($table) . '\';');
@@ -1026,11 +1026,11 @@ if (isset($_REQUEST['change_copy'])) {
.' WHERE `User`'
.' = \'' . PMA_sqlAddslashes($old_username) . "'"
.' AND `Host`'
.' = \'' . $old_hostname . '\''
.' = \'' . PMA_sqlAddslashes($old_hostname) . '\''
.' AND `Db`'
.' = \'' . $row['Db'] . "'"
.' = \'' . PMA_sqlAddslashes($row['Db']) . "'"
.' AND `Table_name`'
.' = \'' . $row['Table_name'] . "'"
.' = \'' . PMA_sqlAddslashes($row['Table_name']) . "'"
.';',
null, PMA_DBI_QUERY_STORE);
@@ -1690,8 +1690,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
if (in_array($table_search_in, $tables)) {
$db_rights_sqls[] = '
SELECT DISTINCT `Db`
FROM `mysql`.`' . $table_search_in . '`
' . $user_host_condition;
FROM `mysql`.' . PMA_backquote($table_search_in)
. $user_host_condition;
}
}
@@ -1747,7 +1747,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$user_host_condition .=
' AND `Db`'
.' LIKE \'' . $dbname . "'";
.' LIKE \'' . PMA_sqlAddslashes($dbname) . "'";
$tables_to_search_for_users = array(
'columns_priv',
@@ -1758,8 +1758,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
if (in_array($table_search_in, $tables)) {
$db_rights_sqls[] = '
SELECT DISTINCT `Table_name`
FROM `mysql`.`' . $table_search_in . '`
' . $user_host_condition;
FROM `mysql`.' . PMA_backquote($table_search_in)
. $user_host_condition;
}
}
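Review bot: In the `Db LIKE` clause of the hunk at -1747 (`.' LIKE \'' . PMA_sqlAddslashes($dbname) . "'"`), PMA_sqlAddslashes closes the string-injection gap but leaves `%` and `_` in `$dbname` active as LIKE wildcards, so if a literal match is intended an illustrative name like `a_b` still matches `a1b`; if pattern semantics are intentional, a one-line comment such as `// $dbname may carry MySQL wildcards; LIKE matching is intended` would keep the next reader from "fixing" it. The first hunk already distinguishes the two cases with PMA_unescape_mysql_wildcards before escaping, which suggests the same treatment (or an explicit escape of `%`/`_`) may be wanted here — inferred from the other hunk, not visible in this one. As a style point, the quoted-literal pattern `' = \'' . PMA_sqlAddslashes($x) . "'"` now appears six times across these hunks; a small helper that returns the quoted, escaped literal would make any remaining bare `$var` stand out in review, which is exactly the class of omission this commit repairs. Each hunk's enclosing function or statement continues outside the hunk.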