authorKamil Tekiela <tekiela246@gmail.com>2022-02-13 00:25:00 +0300
committerKamil Tekiela <tekiela246@gmail.com>2022-02-13 21:03:34 +0300
commitf52634ef548d47ba36ca4cb908cf879ead48d6ba (patch)
tree6d54046d12c810888b45a91d8afb1ae1ea3291ac /libraries/classes/Server
parent7be18653aa7d65b6195461dc032a182e69c8cfc0 (diff)
Database name was string escaped during user creation
When using backquote() the string should not be escaped. Signed-off-by: Kamil Tekiela <tekiela246@gmail.com>
Diffstat (limited to 'libraries/classes/Server')
-rw-r--r--libraries/classes/Server/Privileges.php12
1 files changed, 3 insertions, 9 deletions
diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
index 3c59fbd3f3..86a9586204 100644
--- a/libraries/classes/Server/Privileges.php
+++ b/libraries/classes/Server/Privileges.php
@@ -3530,9 +3530,7 @@ class Privileges
if (isset($_POST['createdb-1'])) {
// Create database with same name and grant all privileges
$q = 'CREATE DATABASE IF NOT EXISTS '
- . Util::backquote(
- $this->dbi->escapeString($username)
- ) . ';';
+ . Util::backquote($username) . ';';
$sql_query .= $q;
if (! $this->dbi->tryQuery($q)) {
$message = Message::rawError((string) $this->dbi->getError());
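Review bot: The `CREATE DATABASE` statement now relies on `Util::backquote()` alone to make `$username` safe as an identifier, but nothing at the call site says so, and a later reader could easily re-add `escapeString()` as a "hardening" step. I would put a comment above `$q`, for example `// Identifier context: backquote() does the quoting; escapeString() is for string literals and would alter the database name.` The same comment fits the two `GRANT` statements in the later hunks, where `$username` is still passed through `escapeString()` for the `TO '...'@'...'` literal. The enclosing method starts and ends outside this hunk.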
@@ -3546,9 +3544,7 @@ class Privileges
$q = 'GRANT ALL PRIVILEGES ON '
. Util::backquote(
- Util::escapeMysqlWildcards(
- $this->dbi->escapeString($username)
- )
+ Util::escapeMysqlWildcards($username)
) . '.* TO \''
. $this->dbi->escapeString($username)
. '\'@\'' . $this->dbi->escapeString($hostname) . '\';';
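Review bot: `$username` is now quoted two different ways inside this one `GRANT` statement, and the hunk shows no test that pins either. It is an identifier pattern through `Util::escapeMysqlWildcards()` plus `Util::backquote()`, and a string literal through `escapeString()` in the `TO` clause. A regression test that creates a user whose name contains a single quote, a backtick and an underscore, and asserts the exact SQL placed in `$sql_query`, would stop the two contexts from being merged again. The diffstat on this page is limited to libraries/classes/Server, so such a test may already exist elsewhere in the commit.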
@@ -3562,9 +3558,7 @@ class Privileges
// Grant all privileges on wildcard name (username\_%)
$q = 'GRANT ALL PRIVILEGES ON '
. Util::backquote(
- Util::escapeMysqlWildcards(
- $this->dbi->escapeString($username)
- ) . '\_%'
+ Util::escapeMysqlWildcards($username) . '\_%'
) . '.* TO \''
. $this->dbi->escapeString($username)
. '\'@\'' . $this->dbi->escapeString($hostname) . '\';';
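Review bot: With `escapeString()` removed, a backslash in `$username` reaches the database-name pattern unchanged unless `Util::escapeMysqlWildcards()` escapes it, and that helper's body is not visible here. Because this statement appends `'\_%'`, a name ending in a backslash could pair with the backslash of `\_` and leave `_` acting as a wildcard, which would make the grant broader than the `username\_%` described in the comment. Please confirm how `escapeMysqlWildcards()` treats `\`, or reject such names before this point. The `GRANT` in the previous hunk deserves the same check for a backslash placed before `_` or `%`.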