mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-09 08:06:59 +02:00
Code Issues Releases Wiki Activity

Fix revoking of old privileges

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1348 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2010-03-19 13:57:20 +00:00
parent c19e09f8c0
commit 1ff155a046
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
adminer/user.inc.php
View File

@@ -22,7 +22,7 @@ foreach ($privileges["Tables"] as $key => $val) {
$new_grants = array();
if ($_POST) {
foreach ($_POST["objects"] as $key => $val) {
$new_grants[$val] = ((array) $new_grants[$val]) + ((array) $_POST["grants"][$key]);
$new_grants[$val] = (array) $new_grants[$val] + (array) $_POST["grants"][$key];
}
}
$grants = array();
@@ -31,7 +31,9 @@ if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . $
while ($row = $result->fetch_row()) {
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
foreach ($matches as $val) {
$grants["$match[2]$val[2]"][$val[1]] = true;
if ($val[1] != "USAGE") {
$grants["$match[2]$val[2]"][$val[1]] = true;
}
if (ereg(' WITH GRANT OPTION', $row[0])) { //! don't check inside strings and identifiers
$grants["$match[2]$val[2]"]["GRANT OPTION"] = true;
}
@@ -86,7 +88,7 @@ if ($_POST && !$error) {
} elseif (!isset($_GET["grant"])) {
foreach ($grants as $object => $revoke) {
if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) {
queries("REVOKE " . grant(array_keys($revoke), $match[2]) . " ON $match[1] FROM $new_user");
grant("REVOKE", array_keys($revoke), $match[2], " ON $match[1] FROM $new_user");
}
}
}
@@ -124,7 +126,7 @@ if ($_POST) {
<?php
//! MAX_* limits, REQUIRE
echo "<table cellspacing='0'>\n";
echo "<thead><tr><th colspan='2'>" . lang('Privileges');
echo "<thead><tr><th colspan='2'><a href='http://dev.mysql.com/doc/refman/" . substr($connection->server_info, 0, 3) . "/en/grant.html'>" . lang('Privileges') . "</a>";
$i = 0;
foreach ($grants as $object => $grant) {
echo '<th>' . ($object != "*.*" ? "<input name='objects[$i]' value='" . h($object) . "' size='10'>" : "<input type='hidden' name='objects[$i]' value='*.*' size='10'>*.*"); //! separate db, table, columns, PROCEDURE|FUNCTION, routine