authorSebastian Mendel <cybot_tm@users.sourceforge.net>2007-11-09 10:41:47 +0300
committerSebastian Mendel <cybot_tm@users.sourceforge.net>2007-11-09 10:41:47 +0300
commitd35c14a0a9126353971878cc3a34cb1764fb49fd (patch)
tree922a8e29f05c92049d206966e792bec3aaa0df08 /server_privileges.php
parent1701c0c9222a7744bc523762ddefd9b621e1e846 (diff)
fixed possible SQL injection using database name
Diffstat (limited to 'server_privileges.php')
-rw-r--r--server_privileges.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/server_privileges.php b/server_privileges.php
index 012a8d15d7..23d174b986 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -2033,7 +2033,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
. PMA_convert_using('`Db`') . ' AS `Db`, '
. $list_of_privileges
.' FROM `mysql`.`db`'
- .' WHERE ' . PMA_convert_using($checkprivs, 'quoted')
+ .' WHERE ' . PMA_convert_using(PMA_sqlAddslashes($checkprivs), 'quoted')
.' LIKE ' . PMA_convert_using('`Db`')
.' AND NOT (' . $list_of_compared_privileges. ')) '
.'UNION '
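Review bot: The escaping added on the `WHERE` line covers only this one interpolation of `$checkprivs`. The statement continues past the `UNION` outside the hunk, so any other place where the database name is concatenated into this query cannot be confirmed from here and should be checked for the same escaping. Wildcard escaping is not needed at this spot, because the value is the left operand of `LIKE` and the `Db` column supplies the pattern. That is worth recording next to the call: `// $checkprivs may be request-supplied: escaped for the quoted literal only; the Db column is the LIKE pattern`. The fix also assumes that the `'quoted'` mode of `PMA_convert_using` only wraps the string in quotes and does no escaping of its own, which should be verified against that helper.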