From fde2f613ad402e442a3b54d628ad85444faaeabe Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Wed, 17 May 2006 10:33:23 +0000
Subject: bug #1478812, Add new user, password containing backslash

---
 server_privileges.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'server_privileges.php')

diff --git a/server_privileges.php b/server_privileges.php
index 3f6a310985..aa887c76b0 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -764,15 +764,12 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
             'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \''
             . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
         if ($pred_password != 'none' && $pred_password != 'keep') {
-            $pma_pw_hidden = '';
-            for ($i = 0; $i < strlen($pma_pw); $i++) {
-                $pma_pw_hidden .= '*';
-            }
+            $pma_pw_hidden = str_repeat('*', strlen($pma_pw));
             $sql_query = $real_sql_query . ' IDENTIFIED BY \'' . $pma_pw_hidden . '\'';
-            $real_sql_query .= ' IDENTIFIED BY \'' . $pma_pw . '\'';
+            $real_sql_query .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\'';
             if ( isset( $create_user_real ) ) {
                 $create_user_show = $create_user_real . ' IDENTIFIED BY \'' . $pma_pw_hidden . '\'';
-                $create_user_real .= ' IDENTIFIED BY \'' . $pma_pw . '\'';
+                $create_user_real .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\'';
             }
         } else {
             if ($pred_password == 'keep' && !empty($password)) {
-- 
cgit v1.2.3