From fde2f613ad402e442a3b54d628ad85444faaeabe Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Wed, 17 May 2006 10:33:23 +0000 Subject: [PATCH] bug #1478812, Add new user, password containing backslash --- ChangeLog | 4 ++++ server_privileges.php | 9 +++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2107a653..886fa6110 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog $Id$ $Source$ +2006-05-17 Marc Delisle + * server_privileges.php: bug #1478812, Add user (password containing + a backslash); also minor optimization + 2006-05-15 Marc Delisle * libraries/Table.class.php: bug #1475949, removing the default value diff --git a/server_privileges.php b/server_privileges.php index 3f6a31098..aa887c76b 100644 --- a/server_privileges.php +++ b/server_privileges.php @@ -764,15 +764,12 @@ if (!empty($adduser_submit) || !empty($change_copy)) { 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; if ($pred_password != 'none' && $pred_password != 'keep') { - $pma_pw_hidden = ''; - for ($i = 0; $i < strlen($pma_pw); $i++) { - $pma_pw_hidden .= '*'; - } + $pma_pw_hidden = str_repeat('*', strlen($pma_pw)); $sql_query = $real_sql_query . ' IDENTIFIED BY \'' . $pma_pw_hidden . '\''; - $real_sql_query .= ' IDENTIFIED BY \'' . $pma_pw . '\''; + $real_sql_query .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\''; if ( isset( $create_user_real ) ) { $create_user_show = $create_user_real . ' IDENTIFIED BY \'' . $pma_pw_hidden . '\''; - $create_user_real .= ' IDENTIFIED BY \'' . $pma_pw . '\''; + $create_user_real .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\''; } } else { if ($pred_password == 'keep' && !empty($password)) {