-rw-r--r-- | libraries/server_privileges.lib.php | 171 | ||||
-rw-r--r-- | test/libraries/PMA_server_privileges_test.php | 17 |
2 files changed, 79 insertions, 109 deletions
diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php index ec4aec0939..c103d79d66 100644 --- a/libraries/server_privileges.lib.php +++ b/libraries/server_privileges.lib.php @@ -4904,25 +4904,27 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password) { $slashedUsername = PMA_Util::sqlAddSlashes($username); $slashedHostname = PMA_Util::sqlAddSlashes($hostname); - - // '%' character causes binding problems with sprintf - // and therefore has to be escaped using an extra '%' - $escapedHostname = $hostname; - $escapedUsername = $username; - if (strpos($hostname, '%') !== false) { - $escapedHostname = str_replace('%', '%%', $hostname); - } - if (strpos($username, '%') !== false) { - $escapedUsername = str_replace('%', '%%', $username); - } - $slashedEscapedUsername = PMA_Util::sqlAddSlashes($escapedUsername); - $slashedEscapedHostname = PMA_Util::sqlAddSlashes($escapedHostname); + $slashedPassword = PMA_Util::sqlAddSlashes($password); $create_user_stmt = sprintf( 'CREATE USER \'%s\'@\'%s\'', - $slashedEscapedUsername, - $slashedEscapedHostname + $slashedUsername, + $slashedHostname ); + + if (PMA_MYSQL_INT_VERSION >= 50507 + && isset($_REQUEST['authentication_plugin']) + ) { + $create_user_stmt .= ' IDENTIFIED WITH ' + . $_REQUEST['authentication_plugin']; + } + if (PMA_MYSQL_INT_VERSION >= 50707 + && strpos($create_user_stmt, '%') !== false + ) { + $create_user_stmt = str_replace( + '%', '%%', $create_user_stmt + ); + } $create_user_real = $create_user_show = $create_user_stmt; $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = PASSWORD(\'%s\')'; 
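Review bot: In PMA_getSqlQueriesForDisplayAndAddUser, `$_REQUEST['authentication_plugin']` is concatenated directly into the `CREATE USER` statement after `IDENTIFIED WITH`, so a request parameter becomes SQL text with no quoting or validation. Check the value against the plugins the server offers before appending it, for example `if (! in_array($_REQUEST['authentication_plugin'], $allowed_plugins, true)) { /* reject */ }`, where `$allowed_plugins` is a placeholder for whatever list the project maintains. The new guard also drops the old truthiness test, so an empty value now produces a dangling `IDENTIFIED WITH `; adding `&& $_REQUEST['authentication_plugin'] !== ''` to the condition avoids that. The function body starts before this hunk and continues after it.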
@@ -4942,98 +4944,61 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password) ); $real_sql_query = $sql_query = $sql_query_stmt; - //@todo Following blocks should be delegated to another function and factorized. - //There are too much duplication here. - if ($_POST['pred_password'] != 'none' && $_POST['pred_password'] != 'keep') { - $slashedPassword = PMA_Util::sqlAddSlashes($_POST['pma_pw']); - if (isset($_REQUEST['authentication_plugin']) - && $_REQUEST['authentication_plugin'] - ) { - if (PMA_MYSQL_INT_VERSION >= 50700) { - $create_user_stmt .= ' IDENTIFIED WITH ' - . $_REQUEST['authentication_plugin'] . ' BY \'%s\''; - $create_user_show = sprintf($create_user_stmt, '***'); - $create_user_real = sprintf( - $create_user_stmt, - $slashedPassword - ); - } else { - $create_user_stmt .= ' IDENTIFIED WITH ' - . $_REQUEST['authentication_plugin']; - $create_user_show = $create_user_real = $create_user_stmt; - } + if (PMA_MYSQL_INT_VERSION < 50707) { + if ($_POST['pred_password'] == 'keep') { + $password_set_real = sprintf( + $password_set_stmt, + $slashedUsername, + $slashedHostname, + $slashedPassword + ); + } else if ($_POST['pred_password'] == 'none') { + $password_set_real = sprintf( + $password_set_stmt, + $slashedUsername, + $slashedHostname, + null + ); } else { - $sql_query_stmt .= ' IDENTIFIED BY \'%s\' '; - $sql_query = sprintf($sql_query_stmt, '***'); - $real_sql_query = sprintf($sql_query_stmt, $slashedPassword); + $password_set_real = sprintf( + $password_set_stmt, + $slashedUsername, + $slashedHostname, + $_POST['pma_pw'] + ); } - $password_set_real = sprintf( - $password_set_stmt, - $slashedUsername, - $slashedHostname, - $slashedPassword - ); } else { - $slashedPassword = PMA_Util::sqlAddSlashes($password); - if ($_POST['pred_password'] == 'keep' && ! 
empty($password)) { - if (isset($_REQUEST['authentication_plugin']) - && $_REQUEST['authentication_plugin'] - ) { - if (PMA_MYSQL_INT_VERSION >= 50700) { - $create_user_stmt .= ' IDENTIFIED WITH ' - . $_REQUEST['authentication_plugin'] . ' BY \'%s\''; - $create_user_show = sprintf($create_user_stmt, '***'); - $create_user_real = sprintf( - $create_user_stmt, - $slashedPassword - ); - } else { - $create_user_stmt .= ' IDENTIFIED WITH ' - . $_REQUEST['authentication_plugin']; - $create_user_show = $create_user_real = $create_user_stmt; - } + $password_set_real = null; + $create_user_stmt .= ' BY \'%s\''; + $create_user_real = $create_user_show = $create_user_stmt; - $password_set_real = sprintf( - $password_set_stmt, - $slashedUsername, - $slashedHostname, - $slashedPassword - ); - } else { - $sql_query_stmt .= ' IDENTIFIED BY \'%s\' '; - $sql_query = sprintf($sql_query_stmt, '***'); - $real_sql_query = sprintf($sql_query_stmt, $slashedPassword); - $password_set_real = null; - } - } elseif ($_POST['pred_password'] == 'keep' && empty($password)) { - if (isset($_REQUEST['authentication_plugin']) - && $_REQUEST['authentication_plugin'] - ) { - if (PMA_MYSQL_INT_VERSION >= 50700) { - $create_user_stmt .= ' IDENTIFIED WITH ' - . $_REQUEST['authentication_plugin'] . ' BY \'%s\''; - $create_user_show = sprintf($create_user_stmt, '***'); - $create_user_real = sprintf( - $create_user_stmt, - null - ); - } else { - $create_user_stmt .= ' IDENTIFIED WITH ' - . 
$_REQUEST['authentication_plugin']; - $create_user_show = $create_user_real = $create_user_stmt; - } - $password_set_real = sprintf( - $password_set_stmt, - $slashedUsername, - $slashedHostname, - null - ); - } else { - $sql_query_stmt .= ' IDENTIFIED BY \'%s\' '; - $sql_query = sprintf($sql_query_stmt, '***'); - $real_sql_query = sprintf($sql_query_stmt, null); - $password_set_real = null; - } + if ($_POST['pred_password'] == 'keep') { + $create_user_real = sprintf( + $create_user_stmt, + $password + ); + $create_user_show = sprintf( + $create_user_stmt, + '***' + ); + } else if ($_POST['pred_password'] == 'none') { + $create_user_real = sprintf( + $create_user_stmt, + null + ); + $create_user_show = sprintf( + $create_user_stmt, + '***' + ); + } else { + $create_user_real = sprintf( + $create_user_stmt, + $_POST['pma_pw'] + ); + $create_user_show = sprintf( + $create_user_stmt, + '***' + ); } } diff --git a/test/libraries/PMA_server_privileges_test.php b/test/libraries/PMA_server_privileges_test.php index 6e131c48b9..b9adae6446 100644 --- a/test/libraries/PMA_server_privileges_test.php +++ b/test/libraries/PMA_server_privileges_test.php @@ -630,6 +630,7 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase $_REQUEST['adduser_submit'] = true; $_POST['pred_username'] = 'any'; $_POST['pred_hostname'] = 'localhost'; + $_POST['pred_password'] = 'keep'; $_REQUEST['createdb-3'] = true; $_REQUEST['authentication_plugin'] = 'mysql_native_password'; 
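Review bot: In the rewritten password handling of PMA_getSqlQueriesForDisplayAndAddUser (libraries/server_privileges.lib.php), the 5.7.7+ branch and the final `else` of the pre-5.7.7 branch pass `$password` and `$_POST['pma_pw']` to `sprintf()` unescaped, whereas the removed code always used `PMA_Util::sqlAddSlashes()`. A password containing a quote or backslash then ends the string literal early, which at best produces a failing statement and at worst changes what is executed. Use the escaped value in every branch: `$slashedPassword` for the 'keep' case and `PMA_Util::sqlAddSlashes($_POST['pma_pw'])` for the typed-password case. The 'none' case also still renders `BY '***'` in `$create_user_show` although the real statement carries an empty password, so the displayed query misrepresents what ran. The function continues outside this hunk.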
@@ -639,11 +640,13 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase (isset ($password) ? $password : '') ); $this->assertEquals( - "CREATE USER 'pma_username'@'pma_hostname';", + "CREATE USER 'pma_username'@'pma_hostname' " + . "IDENTIFIED WITH mysql_native_password BY 'pma_password';", $create_user_real ); $this->assertEquals( - "CREATE USER 'pma_username'@'pma_hostname';", + "CREATE USER 'pma_username'@'pma_hostname' " + . "IDENTIFIED WITH mysql_native_password BY '***';", $create_user_show ); $this->assertEquals( @@ -669,6 +672,7 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase $_REQUEST['adduser_submit'] = true; $_POST['pred_username'] = 'any'; $_POST['pred_hostname'] = 'localhost'; + $_POST['pred_password'] = 'keep'; $_REQUEST['createdb-3'] = true; $_REQUEST['userGroup'] = "username"; $_REQUEST['authentication_plugin'] = 'mysql_native_password'; @@ -688,8 +692,8 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase $ret_message->getMessage() ); $this->assertEquals( - "CREATE USER ''@'localhost';GRANT USAGE ON *.* TO ''@'localhost' REQUIRE NONE;" - //. "SET PASSWORD FOR ''@'localhost' = PASSWORD('***');" + "CREATE USER ''@'localhost' IDENTIFIED WITH mysql_native_password BY '***';" + . "GRANT USAGE ON *.* TO ''@'localhost' REQUIRE NONE;" . "GRANT ALL PRIVILEGES ON `pma_dbname`.* TO ''@'localhost';", $sql_query ); @@ -934,6 +938,7 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase $username = "PMA_username"; $hostname = "PMA_hostname"; $password = "PMA_password"; + $_POST['pred_password'] = 'keep'; $dbname = "PMA_db"; list($create_user_real, $create_user_show, $real_sql_query, $sql_query) 
@@ -941,13 +946,13 @@ class PMA_ServerPrivileges_Test extends PHPUnit_Framework_TestCase //validate 1: $create_user_real $this->assertEquals( - "CREATE USER 'PMA_username'@'PMA_hostname';", + "CREATE USER 'PMA_username'@'PMA_hostname' BY 'PMA_password';", $create_user_real ); //validate 2: $create_user_show $this->assertEquals( - "CREATE USER 'PMA_username'@'PMA_hostname';", + "CREATE USER 'PMA_username'@'PMA_hostname' BY '***';", $create_user_show ); |
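Review bot: The expected value in the `$create_user_real` and `$create_user_show` assertions, `CREATE USER 'PMA_username'@'PMA_hostname' BY 'PMA_password';`, is not valid MySQL syntax because the `IDENTIFIED` keyword is missing, so this test pins a malformed statement. This appears to come from the library change, which appends ` BY '%s'` unconditionally but adds ` IDENTIFIED WITH <plugin>` only when `authentication_plugin` is set. The assertions should expect `... IDENTIFIED BY 'PMA_password';` and `... IDENTIFIED BY '***';`, with the library emitting ` IDENTIFIED BY '%s'` when no plugin was chosen. A further case with a quote character in the password would guard the escaping of the password value.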