author | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-11-09 10:41:47 +0300 |
---|---|---|
committer | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-11-09 10:41:47 +0300 |
commit | d35c14a0a9126353971878cc3a34cb1764fb49fd (patch) | |
tree | 922a8e29f05c92049d206966e792bec3aaa0df08 /server_privileges.php | |
parent | 1701c0c9222a7744bc523762ddefd9b621e1e846 (diff) |
fixed possible SQL injection using database name
Diffstat (limited to 'server_privileges.php')
-rw-r--r-- | server_privileges.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/server_privileges.php b/server_privileges.php
index 012a8d15d7..23d174b986 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -2033,7 +2033,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
 . PMA_convert_using('`Db`') . ' AS `Db`, '
 . $list_of_privileges
 .' FROM `mysql`.`db`'
- .' WHERE ' . PMA_convert_using($checkprivs, 'quoted')
+ .' WHERE ' . PMA_convert_using(PMA_sqlAddslashes($checkprivs), 'quoted')
 .' LIKE ' . PMA_convert_using('`Db`')
 .' AND NOT (' . $list_of_compared_privileges. ')) '
 .'UNION ' |
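Review bot: The escaping on the changed `.' WHERE '` line is applied by the caller, so the fix covers only this one use of `$checkprivs`; `PMA_convert_using(..., 'quoted')`, defined outside this diff, presumably still wraps whatever it is given in quotes without escaping it. The statement continues past the hunk after `.'UNION '` and the diffstat shows a single changed line, so any later branch of the query, and any other `'quoted'` caller that passes a request-derived value, should be checked for the same gap. Here `$checkprivs` is the subject of `LIKE` rather than the pattern, so escaping quotes and backslashes is the right kind of escaping and wildcard escaping is not needed. A comment above the line would stop the call from being simplified back later, for example `// $checkprivs must be escaped here, before PMA_convert_using() wraps it in quotes`.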