author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-10-01 02:48:21 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-10-01 02:49:21 +0300 |
commit | 135cd76d3b3d4a2ce805434632b286c915ad6dc9 (patch) | |
tree | 0a74b10b7b660ba2dacc59462563af784c39570a /libraries/classes | |
parent | 0f9c79ebed13cef1430c32fb886e0681fcd270be (diff) |
Fix exception for invalid db and table names for the privileges page
Related to #17729
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
Diffstat (limited to 'libraries/classes')
-rw-r--r-- | libraries/classes/Controllers/Database/PrivilegesController.php | 19 | ||||
-rw-r--r-- | libraries/classes/Controllers/Table/PrivilegesController.php | 21 |
2 files changed, 25 insertions, 15 deletions
diff --git a/libraries/classes/Controllers/Database/PrivilegesController.php b/libraries/classes/Controllers/Database/PrivilegesController.php
index 1c660b8123..9f01338252 100644
--- a/libraries/classes/Controllers/Database/PrivilegesController.php
+++ b/libraries/classes/Controllers/Database/PrivilegesController.php
@@ -11,6 +11,7 @@ use PhpMyAdmin\CheckUserPrivileges;
 use PhpMyAdmin\Controllers\AbstractController;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Dbal\DatabaseName;
+use PhpMyAdmin\Dbal\InvalidDatabaseName;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\ResponseRenderer;
@@ -47,7 +48,16 @@ class PrivilegesController extends AbstractController
 public function __invoke(ServerRequest $request): void
 {
- $GLOBALS['text_dir'] = $GLOBALS['text_dir'] ?? null;
+ try {
+ $db = DatabaseName::fromValue($request->getParam('db'));
+ if ($this->dbi->getLowerCaseNames() === '1') {
+ $db = DatabaseName::fromValue(mb_strtolower($db->getName()));
+ }
+ } catch (InvalidDatabaseName $exception) {
+ $this->response->addHTML(Message::error($exception->getMessage())->getDisplay());
+
+ return;
+ }
 $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
 $checkUserPrivileges->getPrivileges();
@@ -91,18 +101,13 @@ class PrivilegesController extends AbstractController
 $GLOBALS['tooltip_truename'],
 $GLOBALS['tooltip_aliasname'],
 $GLOBALS['pos'],
- ] = Util::getDbInfo($GLOBALS['db'], $GLOBALS['sub_part']);
+ ] = Util::getDbInfo($db->getName(), $GLOBALS['sub_part']);
 $content = ob_get_clean();
 $this->response->addHTML($content . "\n");
 $scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database');
- $db = DatabaseName::fromValue($GLOBALS['db']);
- if ($this->dbi->getLowerCaseNames() === '1') {
- $db = DatabaseName::fromValue(mb_strtolower($GLOBALS['db']));
- }
-
 $privileges = [];
 if ($this->dbi->isSuperUser()) {
 $privileges = $this->privileges->getAllPrivileges($db);
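Review bot: The new catch branch in `__invoke` renders `$exception->getMessage()` into the page through `Message::error(...)->getDisplay()` and `addHTML()`, and that exception is raised while validating the request's `db` parameter, so the message must be either static text or escaped before output. Neither `InvalidDatabaseName` nor `Message::getDisplay()` is visible in this diff, so this may already hold; a comment on the line such as `// rendered as HTML: the exception message must never carry the unescaped request value` would record the assumption. The same line appears in the catch block added to the Table controller. The body of `__invoke` continues outside the hunk.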
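Review bot: `Util::getDbInfo()` now receives `$db->getName()`, which is the lower-cased name whenever `getLowerCaseNames() === '1'`, while the removed call passed `$GLOBALS['db']` unchanged; if that difference is intended it deserves a line in the commit message. The statements between this hunk and the validation block are not shown, so any read of `$GLOBALS['db']` that remains there would use a value that was not validated by `DatabaseName::fromValue()` and could differ from `$db`. Using `$db->getName()` for every database-name read in `__invoke` would keep one validated source.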
diff --git a/libraries/classes/Controllers/Table/PrivilegesController.php b/libraries/classes/Controllers/Table/PrivilegesController.php
index abb82a78ba..c752c8f99b 100644
--- a/libraries/classes/Controllers/Table/PrivilegesController.php
+++ b/libraries/classes/Controllers/Table/PrivilegesController.php
@@ -11,6 +11,7 @@ use PhpMyAdmin\CheckUserPrivileges;
 use PhpMyAdmin\Controllers\AbstractController;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Dbal\DatabaseName;
+use PhpMyAdmin\Dbal\InvalidIdentifierName;
 use PhpMyAdmin\Dbal\TableName;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Message;
@@ -46,7 +47,18 @@ class PrivilegesController extends AbstractController
 public function __invoke(ServerRequest $request): void
 {
- $GLOBALS['text_dir'] = $GLOBALS['text_dir'] ?? null;
+ try {
+ $db = DatabaseName::fromValue($request->getParam('db'));
+ $table = TableName::fromValue($request->getParam('table'));
+ if ($this->dbi->getLowerCaseNames() === '1') {
+ $db = DatabaseName::fromValue(mb_strtolower($db->getName()));
+ $table = TableName::fromValue(mb_strtolower($table->getName()));
+ }
+ } catch (InvalidIdentifierName $exception) {
+ $this->response->addHTML(Message::error($exception->getMessage())->getDisplay());
+
+ return;
+ }
 $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
 $checkUserPrivileges->getPrivileges();
@@ -80,13 +92,6 @@ class PrivilegesController extends AbstractController
 $scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabTable'], 'table');
- $db = DatabaseName::fromValue($GLOBALS['db']);
- $table = TableName::fromValue($GLOBALS['table']);
- if ($this->dbi->getLowerCaseNames() === '1') {
- $db = DatabaseName::fromValue(mb_strtolower($GLOBALS['db']));
- $table = TableName::fromValue(mb_strtolower($GLOBALS['table']));
- }
-
 $privileges = [];
 if ($this->dbi->isSuperUser()) {
 $privileges = $this->privileges->getAllPrivileges($db, $table);
|
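Review bot: The `try` block in `__invoke` handles only `InvalidIdentifierName`, so the early return depends on both `DatabaseName::fromValue()` and `TableName::fromValue()` reporting every bad input through that type or a subclass of it; none of those classes are visible in this diff. `$request->getParam('db')` and `$request->getParam('table')` are passed in unchecked, so a missing parameter or an array value that raised a `TypeError` instead would still surface as the unhandled exception this commit sets out to fix. A controller test that requests the page with no `table` parameter and with an array-valued `db` would pin the behaviour, and the same check applies to the `InvalidDatabaseName` catch in the Database controller. `__invoke` continues outside the hunk.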