mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-12 09:34:10 +02:00
Code Issues Releases Wiki Activity

Substitute table name to $TABLE

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1047 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2009-08-29 13:57:50 +00:00
parent e43156e863
commit 79d1902812
15 changed files with 124 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
adminer/user.inc.php
View File

@@ -1,4 +1,5 @@
<?php
$USER = $_GET["user"];
$privileges = array("" => array("All privileges" => ""));
$result = $dbh->query("SHOW PRIVILEGES");
while ($row = $result->fetch_assoc()) {
@@ -40,7 +41,7 @@ if ($_POST) {
}
$grants = array();
$old_pass = "";
if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR " . $dbh->quote($_GET["user"]) . "@" . $dbh->quote($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped
if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR " . $dbh->quote($USER) . "@" . $dbh->quote($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped
while ($row = $result->fetch_row()) {
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
foreach ($matches as $val) {
@@ -57,7 +58,7 @@ if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR " . $dbh->qu
}
if ($_POST && !$error) {
$old_user = (isset($_GET["host"]) ? $dbh->quote($_GET["user"]) . "@" . $dbh->quote($_GET["host"]) : "''");
$old_user = (isset($_GET["host"]) ? $dbh->quote($USER) . "@" . $dbh->quote($_GET["host"]) : "''");
$new_user = $dbh->quote($_POST["user"]) . "@" . $dbh->quote($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different
$pass = $dbh->quote($_POST["pass"]);
if ($_POST["drop"]) {
@@ -112,7 +113,7 @@ if ($_POST && !$error) {
}
}
page_header((isset($_GET["host"]) ? lang('Username') . ": " . h("$_GET[user]@$_GET[host]") : lang('Create user')), $error, array("privileges" => array('', lang('Privileges'))));
page_header((isset($_GET["host"]) ? lang('Username') . ": " . h("$USER@$_GET[host]") : lang('Create user')), $error, array("privileges" => array('', lang('Privileges'))));
if ($_POST) {
$row = $_POST;