-rw-r--r--libraries/server_privileges.lib.php171
-rw-r--r--test/libraries/PMA_server_privileges_test.php17
2 files changed, 79 insertions, 109 deletions
diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php
index ec4aec0939..c103d79d66 100644
--- a/libraries/server_privileges.lib.php
+++ b/libraries/server_privileges.lib.php
@@ -4904,25 +4904,27 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
$slashedUsername = PMA_Util::sqlAddSlashes($username);
$slashedHostname = PMA_Util::sqlAddSlashes($hostname);
-
- // '%' character causes binding problems with sprintf
- // and therefore has to be escaped using an extra '%'
- $escapedHostname = $hostname;
- $escapedUsername = $username;
- if (strpos($hostname, '%') !== false) {
- $escapedHostname = str_replace('%', '%%', $hostname);
- }
- if (strpos($username, '%') !== false) {
- $escapedUsername = str_replace('%', '%%', $username);
- }
- $slashedEscapedUsername = PMA_Util::sqlAddSlashes($escapedUsername);
- $slashedEscapedHostname = PMA_Util::sqlAddSlashes($escapedHostname);
+ $slashedPassword = PMA_Util::sqlAddSlashes($password);
$create_user_stmt = sprintf(
'CREATE USER \'%s\'@\'%s\'',
- $slashedEscapedUsername,
- $slashedEscapedHostname
+ $slashedUsername,
+ $slashedHostname
);
+
+ if (PMA_MYSQL_INT_VERSION >= 50507
+ && isset($_REQUEST['authentication_plugin'])
+ ) {
+ $create_user_stmt .= ' IDENTIFIED WITH '
+ . $_REQUEST['authentication_plugin'];
+ }
+ if (PMA_MYSQL_INT_VERSION >= 50707
+ && strpos($create_user_stmt, '%') !== false
+ ) {
+ $create_user_stmt = str_replace(
+ '%', '%%', $create_user_stmt
+ );
+ }
$create_user_real = $create_user_show = $create_user_stmt;
$password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = PASSWORD(\'%s\')';
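Review bot: `$_REQUEST['authentication_plugin']` is appended to `$create_user_stmt` verbatim in the new `IDENTIFIED WITH` branch, so whatever the request carries becomes part of the CREATE USER statement. The value should be checked against the plugins the server actually offers, or at least against a strict identifier pattern such as `preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['authentication_plugin'])`, before it is concatenated. The guard is also now `isset()` only, whereas the removed code additionally required a non-empty value, so an empty field would leave a dangling `IDENTIFIED WITH `; adding `&& $_REQUEST['authentication_plugin'] !== ''` restores that. The function body continues outside this hunk.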
@@ -4942,98 +4944,61 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
);
$real_sql_query = $sql_query = $sql_query_stmt;
- //@todo Following blocks should be delegated to another function and factorized.
- //There are too much duplication here.
- if ($_POST['pred_password'] != 'none' && $_POST['pred_password'] != 'keep') {
- $slashedPassword = PMA_Util::sqlAddSlashes($_POST['pma_pw']);
- if (isset($_REQUEST['authentication_plugin'])
- && $_REQUEST['authentication_plugin']
- ) {
- if (PMA_MYSQL_INT_VERSION >= 50700) {
- $create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'] . ' BY \'%s\'';
- $create_user_show = sprintf($create_user_stmt, '***');
- $create_user_real = sprintf(
- $create_user_stmt,
- $slashedPassword
- );
- } else {
- $create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'];
- $create_user_show = $create_user_real = $create_user_stmt;
- }
+ if (PMA_MYSQL_INT_VERSION < 50707) {
+ if ($_POST['pred_password'] == 'keep') {
+ $password_set_real = sprintf(
+ $password_set_stmt,
+ $slashedUsername,
+ $slashedHostname,
+ $slashedPassword
+ );
+ } else if ($_POST['pred_password'] == 'none') {
+ $password_set_real = sprintf(
+ $password_set_stmt,
+ $slashedUsername,
+ $slashedHostname,
+ null
+ );
} else {
- $sql_query_stmt .= ' IDENTIFIED BY \'%s\' ';
- $sql_query = sprintf($sql_query_stmt, '***');
- $real_sql_query = sprintf($sql_query_stmt, $slashedPassword);
+ $password_set_real = sprintf(
+ $password_set_stmt,
+ $slashedUsername,
+ $slashedHostname,
+ $_POST['pma_pw']
+ );
}
- $password_set_real = sprintf(
- $password_set_stmt,
- $slashedUsername,
- $slashedHostname,
- $slashedPassword
- );
} else {
- $slashedPassword = PMA_Util::sqlAddSlashes($password);
- if ($_POST['pred_password'] == 'keep' && ! empty($password)) {
- if (isset($_REQUEST['authentication_plugin'])
- && $_REQUEST['authentication_plugin']
- ) {
- if (PMA_MYSQL_INT_VERSION >= 50700) {
- $create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'] . ' BY \'%s\'';
- $create_user_show = sprintf($create_user_stmt, '***');
- $create_user_real = sprintf(
- $create_user_stmt,
- $slashedPassword
- );
- } else {
- $create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'];
- $create_user_show = $create_user_real = $create_user_stmt;
- }
+ $password_set_real = null;
+ $create_user_stmt .= ' BY \'%s\'';
+ $create_user_real = $create_user_show = $create_user_stmt;
- $password_set_real = sprintf(
- $password_set_stmt,
- $slashedUsername,
- $slashedHostname,
- $slashedPassword
- );
- } else {
- $sql_query_stmt .= ' IDENTIFIED BY \'%s\' ';
- $sql_query = sprintf($sql_query_stmt, '***');
- $real_sql_query = sprintf($sql_query_stmt, $slashedPassword);
- $password_set_real = null;
- }
- } elseif ($_POST['pred_password'] == 'keep' && empty($password)) {
- if (isset($_REQUEST['authentication_plugin'])
- && $_REQUEST['authentication_plugin']
- ) {
- if (PMA_MYSQL_INT_VERSION >= 50700) {
- $create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'] . ' BY \'%s\'';
- $create_user_show = sprintf($create_user_stmt, '***');
- $create_user_real = sprintf(
- $create_user_stmt,
- null
- );
- } else {
- $create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'];
- $create_user_show = $create_user_real = $create_user_stmt;
- }
- $password_set_real = sprintf(
- $password_set_stmt,
- $slashedUsername,
- $slashedHostname,
- null
- );
- } else {
- $sql_query_stmt .= ' IDENTIFIED BY \'%s\' ';
- $sql_query = sprintf($sql_query_stmt, '***');
- $real_sql_query = sprintf($sql_query_stmt, null);
- $password_set_real = null;
- }
+ if ($_POST['pred_password'] == 'keep') {
+ $create_user_real = sprintf(
+ $create_user_stmt,
+ $password
+ );
+ $create_user_show = sprintf(
+ $create_user_stmt,
+ '***'
+ );
+ } else if ($_POST['pred_password'] == 'none') {
+ $create_user_real = sprintf(
+ $create_user_stmt,
+ null
+ );
+ $create_user_show = sprintf(
+ $create_user_stmt,
+ '***'
+ );
+ } else {
+ $create_user_real = sprintf(
+ $create_user_stmt,
+ $_POST['pma_pw']
+ );
+ $create_user_show = sprintf(
+ $create_user_stmt,
+ '***'
+ );
}
}
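Review bot: The password reaches `sprintf()` unescaped in three of the new branches: `$_POST['pma_pw']` in the final `else` of both version paths, and `$password` in the `keep` branch of the 5.7.7+ path, where the removed code always passed the output of `PMA_Util::sqlAddSlashes()`. A password containing a single quote or backslash would then end the `BY '...'` or `PASSWORD('...')` literal early and change the statement. Use `$slashedPassword` for the `keep` case and `PMA_Util::sqlAddSlashes($_POST['pma_pw'])` for the others. Separately, `' BY \'%s\''` is appended even when no `IDENTIFIED WITH` clause was added earlier, which yields `CREATE USER ... BY '...'` without the `IDENTIFIED` keyword; the function starts above this hunk, so this should be confirmed against the full body.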
diff --git a/test/libraries/PMA_server_privileges_test.php b/test/libraries/PMA_server_privileges_test.php
index 6e131c48b9..b9adae6446 100644
--- a/test/libraries/PMA_server_privileges_test.php
+++ b/test/libraries/PMA_server_privileges_test.php
@@ -630,6 +630,7 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase
$_REQUEST['adduser_submit'] = true;
$_POST['pred_username'] = 'any';
$_POST['pred_hostname'] = 'localhost';
+ $_POST['pred_password'] = 'keep';
$_REQUEST['createdb-3'] = true;
$_REQUEST['authentication_plugin'] = 'mysql_native_password';
@@ -639,11 +640,13 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase
(isset ($password) ? $password : '')
);
$this->assertEquals(
- "CREATE USER 'pma_username'@'pma_hostname';",
+ "CREATE USER 'pma_username'@'pma_hostname' "
+ . "IDENTIFIED WITH mysql_native_password BY 'pma_password';",
$create_user_real
);
$this->assertEquals(
- "CREATE USER 'pma_username'@'pma_hostname';",
+ "CREATE USER 'pma_username'@'pma_hostname' "
+ . "IDENTIFIED WITH mysql_native_password BY '***';",
$create_user_show
);
$this->assertEquals(
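Review bot: Both expected strings use `pma_password`, which contains no quote or backslash, so these assertions pass whether or not the password is escaped before it is placed inside `BY '...'`. A companion case with a password such as `pma'pass\word` (constructed sample), asserting the escaped form in `$create_user_real` and `'***'` in `$create_user_show`, would pin the escaping behaviour. The test method starts and ends outside this hunk.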
@@ -669,6 +672,7 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase
$_REQUEST['adduser_submit'] = true;
$_POST['pred_username'] = 'any';
$_POST['pred_hostname'] = 'localhost';
+ $_POST['pred_password'] = 'keep';
$_REQUEST['createdb-3'] = true;
$_REQUEST['userGroup'] = "username";
$_REQUEST['authentication_plugin'] = 'mysql_native_password';
@@ -688,8 +692,8 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase
$ret_message->getMessage()
);
$this->assertEquals(
- "CREATE USER ''@'localhost';GRANT USAGE ON *.* TO ''@'localhost' REQUIRE NONE;"
- //. "SET PASSWORD FOR ''@'localhost' = PASSWORD('***');"
+ "CREATE USER ''@'localhost' IDENTIFIED WITH mysql_native_password BY '***';"
+ . "GRANT USAGE ON *.* TO ''@'localhost' REQUIRE NONE;"
. "GRANT ALL PRIVILEGES ON `pma_dbname`.* TO ''@'localhost';",
$sql_query
);
@@ -934,6 +938,7 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase
$username = "PMA_username";
$hostname = "PMA_hostname";
$password = "PMA_password";
+ $_POST['pred_password'] = 'keep';
$dbname = "PMA_db";
list($create_user_real, $create_user_show, $real_sql_query, $sql_query)
@@ -941,13 +946,13 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase
//validate 1: $create_user_real
$this->assertEquals(
- "CREATE USER 'PMA_username'@'PMA_hostname';",
+ "CREATE USER 'PMA_username'@'PMA_hostname' BY 'PMA_password';",
$create_user_real
);
//validate 2: $create_user_show
$this->assertEquals(
- "CREATE USER 'PMA_username'@'PMA_hostname';",
+ "CREATE USER 'PMA_username'@'PMA_hostname' BY '***';",
$create_user_show
);