Fix exception for invalid db and table names for the privileges page

Related to #17729 Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
author: Maurício Meneghini Fauth <mauricio@fauth.dev> 2022-10-01 02:48:21 +0300
committer: Maurício Meneghini Fauth <mauricio@fauth.dev> 2022-10-01 02:49:21 +0300
commit: 135cd76d3b3d4a2ce805434632b286c915ad6dc9 (patch)
tree: 0a74b10b7b660ba2dacc59462563af784c39570a /libraries/classes
parent: 0f9c79ebed13cef1430c32fb886e0681fcd270be (diff)
2 files changed, 25 insertions, 15 deletions
diff --git a/libraries/classes/Controllers/Database/PrivilegesController.php b/libraries/classes/Controllers/Database/PrivilegesController.php
index 1c660b8123..9f01338252 100644
--- a/libraries/classes/Controllers/Database/PrivilegesController.php
+++ b/libraries/classes/Controllers/Database/PrivilegesController.php
@@ -11,6 +11,7 @@ use PhpMyAdmin\CheckUserPrivileges;
 use PhpMyAdmin\Controllers\AbstractController;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Dbal\DatabaseName;
+use PhpMyAdmin\Dbal\InvalidDatabaseName;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\ResponseRenderer;
@@ -47,7 +48,16 @@ class PrivilegesController extends AbstractController
 
     public function __invoke(ServerRequest $request): void
     {
-        $GLOBALS['text_dir'] = $GLOBALS['text_dir'] ?? null;
+        try {
+            $db = DatabaseName::fromValue($request->getParam('db'));
+            if ($this->dbi->getLowerCaseNames() === '1') {
+                $db = DatabaseName::fromValue(mb_strtolower($db->getName()));
+            }
+        } catch (InvalidDatabaseName $exception) {
+            $this->response->addHTML(Message::error($exception->getMessage())->getDisplay());
+
+            return;
+        }
 
         $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
         $checkUserPrivileges->getPrivileges();
@@ -91,18 +101,13 @@ class PrivilegesController extends AbstractController
             $GLOBALS['tooltip_truename'],
             $GLOBALS['tooltip_aliasname'],
             $GLOBALS['pos'],
-        ] = Util::getDbInfo($GLOBALS['db'], $GLOBALS['sub_part']);
+        ] = Util::getDbInfo($db->getName(), $GLOBALS['sub_part']);
 
         $content = ob_get_clean();
         $this->response->addHTML($content . "\n");
 
         $scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database');
 
-        $db = DatabaseName::fromValue($GLOBALS['db']);
-        if ($this->dbi->getLowerCaseNames() === '1') {
-            $db = DatabaseName::fromValue(mb_strtolower($GLOBALS['db']));
-        }
-
         $privileges = [];
         if ($this->dbi->isSuperUser()) {
             $privileges = $this->privileges->getAllPrivileges($db);
diff --git a/libraries/classes/Controllers/Table/PrivilegesController.php b/libraries/classes/Controllers/Table/PrivilegesController.php
index abb82a78ba..c752c8f99b 100644
--- a/libraries/classes/Controllers/Table/PrivilegesController.php
+++ b/libraries/classes/Controllers/Table/PrivilegesController.php
@@ -11,6 +11,7 @@ use PhpMyAdmin\CheckUserPrivileges;
 use PhpMyAdmin\Controllers\AbstractController;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Dbal\DatabaseName;
+use PhpMyAdmin\Dbal\InvalidIdentifierName;
 use PhpMyAdmin\Dbal\TableName;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Message;
@@ -46,7 +47,18 @@ class PrivilegesController extends AbstractController
 
     public function __invoke(ServerRequest $request): void
     {
-        $GLOBALS['text_dir'] = $GLOBALS['text_dir'] ?? null;
+        try {
+            $db = DatabaseName::fromValue($request->getParam('db'));
+            $table = TableName::fromValue($request->getParam('table'));
+            if ($this->dbi->getLowerCaseNames() === '1') {
+                $db = DatabaseName::fromValue(mb_strtolower($db->getName()));
+                $table = TableName::fromValue(mb_strtolower($table->getName()));
+            }
+        } catch (InvalidIdentifierName $exception) {
+            $this->response->addHTML(Message::error($exception->getMessage())->getDisplay());
+
+            return;
+        }
 
         $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
         $checkUserPrivileges->getPrivileges();
@@ -80,13 +92,6 @@ class PrivilegesController extends AbstractController
 
         $scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabTable'], 'table');
 
-        $db = DatabaseName::fromValue($GLOBALS['db']);
-        $table = TableName::fromValue($GLOBALS['table']);
-        if ($this->dbi->getLowerCaseNames() === '1') {
-            $db = DatabaseName::fromValue(mb_strtolower($GLOBALS['db']));
-            $table = TableName::fromValue(mb_strtolower($GLOBALS['table']));
-        }
-
         $privileges = [];
         if ($this->dbi->isSuperUser()) {
             $privileges = $this->privileges->getAllPrivileges($db, $table);
author	Maurício Meneghini Fauth <mauricio@fauth.dev>	2022-10-01 02:48:21 +0300
committer	Maurício Meneghini Fauth <mauricio@fauth.dev>	2022-10-01 02:49:21 +0300
commit	135cd76d3b3d4a2ce805434632b286c915ad6dc9 (patch)
tree	0a74b10b7b660ba2dacc59462563af784c39570a /libraries/classes
parent	0f9c79ebed13cef1430c32fb886e0681fcd270be (diff)