[privileges] Improve escaping of hostname
This commit is contained in:
Herman van Rink
@@ -75,6 +75,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
|||||||
- bug #869006 [structure] Ignore number of records for MRG_MyISAM tables
|
- bug #869006 [structure] Ignore number of records for MRG_MyISAM tables
|
||||||
- bug [browse] "Show BLOB contents" should display HTML code that is present
|
- bug [browse] "Show BLOB contents" should display HTML code that is present
|
||||||
in a BLOB, thanks to Vincent van der Tuin
|
in a BLOB, thanks to Vincent van der Tuin
|
||||||
|
- [privileges] Improve escaping of hostname
|
||||||
|
|
||||||
3.2.4.0 (2009-12-02)
|
3.2.4.0 (2009-12-02)
|
||||||
- bug [engines] Innodb_buffer_pool_pages_latched no longer returned in status
|
- bug [engines] Innodb_buffer_pool_pages_latched no longer returned in status
|
||||||
|
|||||||
@@ -798,7 +798,7 @@ if (isset($_REQUEST['change_copy'])) {
|
|||||||
' WHERE `User`'
|
' WHERE `User`'
|
||||||
.' = \'' . PMA_sqlAddslashes($old_username) . "'"
|
.' = \'' . PMA_sqlAddslashes($old_username) . "'"
|
||||||
.' AND `Host`'
|
.' AND `Host`'
|
||||||
.' = \'' . $old_hostname . '\';';
|
.' = \'' . PMA_sqlAddslashes($old_hostname) . '\';';
|
||||||
$row = PMA_DBI_fetch_single_row('SELECT * FROM `mysql`.`user` ' . $user_host_condition);
|
$row = PMA_DBI_fetch_single_row('SELECT * FROM `mysql`.`user` ' . $user_host_condition);
|
||||||
if (! $row) {
|
if (! $row) {
|
||||||
PMA_Message::notice('strNoUsersFound')->display();
|
PMA_Message::notice('strNoUsersFound')->display();
|
||||||
@@ -850,11 +850,11 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
|
|||||||
$_REQUEST['adduser'] = true;
|
$_REQUEST['adduser'] = true;
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
$create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
|
$create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';
|
||||||
|
|
||||||
$real_sql_query =
|
$real_sql_query =
|
||||||
'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \''
|
'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \''
|
||||||
. PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
|
. PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';
|
||||||
if ($pred_password != 'none' && $pred_password != 'keep') {
|
if ($pred_password != 'none' && $pred_password != 'keep') {
|
||||||
$sql_query = $real_sql_query . ' IDENTIFIED BY \'***\'';
|
$sql_query = $real_sql_query . ' IDENTIFIED BY \'***\'';
|
||||||
$real_sql_query .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\'';
|
$real_sql_query .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\'';
|
||||||
@@ -946,7 +946,7 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
|
|||||||
|
|
||||||
$q = 'GRANT ALL PRIVILEGES ON '
|
$q = 'GRANT ALL PRIVILEGES ON '
|
||||||
. PMA_backquote(PMA_sqlAddslashes($username)) . '.* TO \''
|
. PMA_backquote(PMA_sqlAddslashes($username)) . '.* TO \''
|
||||||
. PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
|
. PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
$sql_query .= $q;
|
$sql_query .= $q;
|
||||||
if (! PMA_DBI_try_query($q)) {
|
if (! PMA_DBI_try_query($q)) {
|
||||||
$message = PMA_Message::rawError(PMA_DBI_getError());
|
$message = PMA_Message::rawError(PMA_DBI_getError());
|
||||||
@@ -956,7 +956,7 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
|
|||||||
// Grant all privileges on wildcard name (username\_%)
|
// Grant all privileges on wildcard name (username\_%)
|
||||||
$q = 'GRANT ALL PRIVILEGES ON '
|
$q = 'GRANT ALL PRIVILEGES ON '
|
||||||
. PMA_backquote(PMA_sqlAddslashes($username) . '\_%') . '.* TO \''
|
. PMA_backquote(PMA_sqlAddslashes($username) . '\_%') . '.* TO \''
|
||||||
. PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
|
. PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
$sql_query .= $q;
|
$sql_query .= $q;
|
||||||
if (! PMA_DBI_try_query($q)) {
|
if (! PMA_DBI_try_query($q)) {
|
||||||
$message = PMA_Message::rawError(PMA_DBI_getError());
|
$message = PMA_Message::rawError(PMA_DBI_getError());
|
||||||
@@ -966,7 +966,7 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
|
|||||||
// Grant all privileges on the specified database to the new user
|
// Grant all privileges on the specified database to the new user
|
||||||
$q = 'GRANT ALL PRIVILEGES ON '
|
$q = 'GRANT ALL PRIVILEGES ON '
|
||||||
. PMA_backquote(PMA_sqlAddslashes($dbname)) . '.* TO \''
|
. PMA_backquote(PMA_sqlAddslashes($dbname)) . '.* TO \''
|
||||||
. PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
|
. PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
$sql_query .= $q;
|
$sql_query .= $q;
|
||||||
if (! PMA_DBI_try_query($q)) {
|
if (! PMA_DBI_try_query($q)) {
|
||||||
$message = PMA_Message::rawError(PMA_DBI_getError());
|
$message = PMA_Message::rawError(PMA_DBI_getError());
|
||||||
@@ -1003,13 +1003,13 @@ if (isset($_REQUEST['change_copy'])) {
|
|||||||
' WHERE `User`'
|
' WHERE `User`'
|
||||||
.' = \'' . PMA_sqlAddslashes($old_username) . "'"
|
.' = \'' . PMA_sqlAddslashes($old_username) . "'"
|
||||||
.' AND `Host`'
|
.' AND `Host`'
|
||||||
.' = \'' . $old_hostname . '\';';
|
.' = \'' . PMA_sqlAddslashes($old_hostname) . '\';';
|
||||||
$res = PMA_DBI_query('SELECT * FROM `mysql`.`db`' . $user_host_condition);
|
$res = PMA_DBI_query('SELECT * FROM `mysql`.`db`' . $user_host_condition);
|
||||||
while ($row = PMA_DBI_fetch_assoc($res)) {
|
while ($row = PMA_DBI_fetch_assoc($res)) {
|
||||||
$queries[] =
|
$queries[] =
|
||||||
'GRANT ' . join(', ', PMA_extractPrivInfo($row))
|
'GRANT ' . join(', ', PMA_extractPrivInfo($row))
|
||||||
.' ON ' . PMA_backquote($row['Db']) . '.*'
|
.' ON ' . PMA_backquote($row['Db']) . '.*'
|
||||||
.' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''
|
.' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\''
|
||||||
. ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION;' : ';');
|
. ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION;' : ';');
|
||||||
}
|
}
|
||||||
PMA_DBI_free_result($res);
|
PMA_DBI_free_result($res);
|
||||||
@@ -1073,7 +1073,7 @@ if (isset($_REQUEST['change_copy'])) {
|
|||||||
$queries[] =
|
$queries[] =
|
||||||
'GRANT ' . join(', ', $tmp_privs1)
|
'GRANT ' . join(', ', $tmp_privs1)
|
||||||
. ' ON ' . PMA_backquote($row['Db']) . '.' . PMA_backquote($row['Table_name'])
|
. ' ON ' . PMA_backquote($row['Db']) . '.' . PMA_backquote($row['Table_name'])
|
||||||
. ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''
|
. ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\''
|
||||||
. (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION;' : ';');
|
. (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION;' : ';');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1087,11 +1087,11 @@ if (!empty($update_privs)) {
|
|||||||
|
|
||||||
$sql_query0 =
|
$sql_query0 =
|
||||||
'REVOKE ALL PRIVILEGES ON ' . $db_and_table
|
'REVOKE ALL PRIVILEGES ON ' . $db_and_table
|
||||||
. ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
|
. ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
if (!isset($Grant_priv) || $Grant_priv != 'Y') {
|
if (!isset($Grant_priv) || $Grant_priv != 'Y') {
|
||||||
$sql_query1 =
|
$sql_query1 =
|
||||||
'REVOKE GRANT OPTION ON ' . $db_and_table
|
'REVOKE GRANT OPTION ON ' . $db_and_table
|
||||||
. ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
|
. ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
} else {
|
} else {
|
||||||
$sql_query1 = '';
|
$sql_query1 = '';
|
||||||
}
|
}
|
||||||
@@ -1102,7 +1102,7 @@ if (!empty($update_privs)) {
|
|||||||
$sql_query2 =
|
$sql_query2 =
|
||||||
'GRANT ' . join(', ', PMA_extractPrivInfo())
|
'GRANT ' . join(', ', PMA_extractPrivInfo())
|
||||||
. ' ON ' . $db_and_table
|
. ' ON ' . $db_and_table
|
||||||
. ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
|
. ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @todo similar code appears twice in this script
|
* @todo similar code appears twice in this script
|
||||||
@@ -1162,10 +1162,10 @@ if (isset($_REQUEST['revokeall'])) {
|
|||||||
|
|
||||||
$sql_query0 =
|
$sql_query0 =
|
||||||
'REVOKE ALL PRIVILEGES ON ' . $db_and_table
|
'REVOKE ALL PRIVILEGES ON ' . $db_and_table
|
||||||
. ' FROM \'' . $username . '\'@\'' . $hostname . '\';';
|
. ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
$sql_query1 =
|
$sql_query1 =
|
||||||
'REVOKE GRANT OPTION ON ' . $db_and_table
|
'REVOKE GRANT OPTION ON ' . $db_and_table
|
||||||
. ' FROM \'' . $username . '\'@\'' . $hostname . '\';';
|
. ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
|
||||||
|
|
||||||
PMA_DBI_query($sql_query0);
|
PMA_DBI_query($sql_query0);
|
||||||
if (! PMA_DBI_try_query($sql_query1)) {
|
if (! PMA_DBI_try_query($sql_query1)) {
|
||||||
@@ -1205,8 +1205,8 @@ if (isset($_REQUEST['change_pw'])) {
|
|||||||
. 'PASSWORD';
|
. 'PASSWORD';
|
||||||
|
|
||||||
// in $sql_query which will be displayed, hide the password
|
// in $sql_query which will be displayed, hide the password
|
||||||
$sql_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');
|
$sql_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');
|
||||||
$local_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
|
$local_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
|
||||||
PMA_DBI_try_query($local_query)
|
PMA_DBI_try_query($local_query)
|
||||||
or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
|
or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
|
||||||
$message = PMA_Message::success('strPasswordChanged');
|
$message = PMA_Message::success('strPasswordChanged');
|
||||||
@@ -1230,7 +1230,7 @@ if (isset($_REQUEST['delete']) || (isset($_REQUEST['change_copy']) && $_REQUEST[
|
|||||||
foreach ($selected_usr as $each_user) {
|
foreach ($selected_usr as $each_user) {
|
||||||
list($this_user, $this_host) = explode('', $each_user);
|
list($this_user, $this_host) = explode('', $each_user);
|
||||||
$queries[] = '# ' . sprintf($GLOBALS['strDeleting'], '\'' . $this_user . '\'@\'' . $this_host . '\'') . ' ...';
|
$queries[] = '# ' . sprintf($GLOBALS['strDeleting'], '\'' . $this_user . '\'@\'' . $this_host . '\'') . ' ...';
|
||||||
$queries[] = 'DROP USER \'' . PMA_sqlAddslashes($this_user) . '\'@\'' . $this_host . '\';';
|
$queries[] = 'DROP USER \'' . PMA_sqlAddslashes($this_user) . '\'@\'' . PMA_sqlAddslashes($this_host) . '\';';
|
||||||
|
|
||||||
if (isset($_REQUEST['drop_users_db'])) {
|
if (isset($_REQUEST['drop_users_db'])) {
|
||||||
$queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';';
|
$queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';';
|
||||||
|
|||||||
Reference in New Issue
Block a user