Gentoo's Bugzilla – Attachment 52467 Details for Bug 83792: dev-db/phpmyadmin-2.6.1-pl2 incorrectly grants wildcard privileges on databases with underscore in their name
[patch] working patch
phpmyadmin.diff (text/plain), 3.87 KB, created by Jakub Moc (RETIRED) on 2005-03-02 08:30:04 UTC
>=================================================================== >RCS file: /cvsroot/phpmyadmin/phpMyAdmin/server_privileges.php,v >retrieving revision 2.40 >retrieving revision 2.42 >diff -u -r2.40 -r2.42 >--- server_privileges.php 2004/11/21 13:11:26 2.40 >+++ server_privileges.php 2005/02/18 02:57:30 2.42 >@@ -1,5 +1,5 @@ > <?php >-/* $Id: server_privileges.php,v 2.40 2004/11/21 13:11:26 lem9 Exp $ */ >+/* $Id: server_privileges.php,v 2.42 2005/02/18 02:57:30 lem9 Exp $ */ > // vim: expandtab sw=4 ts=4 sts=4: > > /** >@@ -490,6 +490,22 @@ > . (empty($thishost) ? '' : 'else if (this.value == \'thishost\') { hostname.value = \'' . addslashes(htmlspecialchars($thishost)) . '\'; } ') > . 'else if (this.value == \'hosttable\') { hostname.value = \'\'; } else if (this.value == \'userdefined\') { hostname.focus(); hostname.select(); }">' . "\n"; > unset($row); >+ >+ // when we start editing a user, $GLOBALS['pred_hostname'] is not defined >+ if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) { >+ switch (strtolower($GLOBALS['hostname'])) { >+ case 'localhost': >+ case '127.0.0.1': >+ $GLOBALS['pred_hostname'] = 'localhost'; >+ break; >+ case '%': >+ $GLOBALS['pred_hostname'] = 'any'; >+ break; >+ default: >+ $GLOBALS['pred_hostname'] = 'userdefined'; >+ break; >+ } >+ } > echo $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyHost'] . '</option>' . "\n" > . $spaces . ' <option value="localhost"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'localhost') ? ' selected="selected"' : '') . '>' . $GLOBALS['strLocalhost'] . '</option>' . "\n"; > if (!empty($thishost)) { 
>@@ -713,18 +729,33 @@ > // escaping a wildcard character in a GRANT is only accepted at the global > // or database level, not at table level; this is why I remove > // the escaping character >- // Note: in the Database-specific privileges, we will have for example >+ // Note: in the phpMyAdmin list of Database-specific privileges, >+ // we will have for example > // test\_db SELECT (this one is for privileges on a db level) > // test_db USAGE (this one is for table-specific privileges) > // >- // It looks curious but reflects IMO the way MySQL works >+ // It looks curious but reflects the way MySQL works >+ >+ if (empty($dbname)) { >+ $db_and_table = '*.*'; >+ } else { >+ if (!empty($tablename)) { >+ $db_and_table = str_replace('\\','',PMA_backquote($dbname)) >+ . '.' . PMA_backquote($tablename); >+ } else { >+ // do not remove the escaping character when working at db level >+ $db_and_table = PMA_backquote($dbname) >+ . '.*'; >+ } >+ } >+ > >- $db_and_table = empty($dbname) ? '*.*' : str_replace('\\','',PMA_backquote($dbname)) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename)); > $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; > if (!isset($Grant_priv) || $Grant_priv != 'Y') { > $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; > } > $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; >+ > if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) { > $sql_query2 .= 'WITH'; > if (isset($Grant_priv) && $Grant_priv == 'Y') {
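Review bot: In the @@ -490,6 +490,22 @@ hunk, the `case '127.0.0.1':` label falls through to `$GLOBALS['pred_hostname'] = 'localhost';`, but MySQL treats the account hosts 'localhost' and '127.0.0.1' as separate entries, so an account defined for 127.0.0.1 would open with the "localhost" option preselected. Suggest dropping that case so it reaches `default` and is shown as 'userdefined' with the stored host value. This preselection logic is also unrelated to the wildcard-escaping fix in the last hunk and would be easier to review and backport as its own change.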
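Review bot: In the @@ -713,18 +729,33 @@ hunk, the new db-level branch (`$db_and_table = PMA_backquote($dbname) . '.*';`) is only correct if $dbname already arrives with `_` and `%` escaped; nothing in this hunk enforces that, so an unescaped name such as test_db would still be granted as a pattern matching other databases. Suggest either escaping the wildcard characters at this point or stating the caller's contract in the comment next to "do not remove the escaping character when working at db level". Since $sql_query0 now issues REVOKE ALL PRIVILEGES on the escaped name, grants that an earlier version stored under the unescaped pattern are not removed by this path, which is worth a line in the upgrade notes so administrators review existing database-level grants.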
Attachments on bug 83792: 52466 | 52467