

@ibennetch
Created January 8, 2020 02:33
PMASA-2020-1
diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php
index 86c46ef6f7..1bf7b6e07b 100644
--- a/libraries/server_privileges.lib.php
+++ b/libraries/server_privileges.lib.php
@@ -2448,7 +2448,7 @@ function PMA_getExtraDataForAjaxBehavior(
if (isset($_REQUEST['validate_username'])) {
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
- . $_REQUEST['username'] . "';";
+ . PMA_Util::sqlAddSlashes($_REQUEST['username']) . "';";
$res = $GLOBALS['dbi']->query($sql_query);
$row = $GLOBALS['dbi']->fetchRow($res);
if (empty($row)) {
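Review bot: The two variants of this hunk (this one and the second hunk below) escape `$_REQUEST['username']` differently, and only the second, `$GLOBALS['dbi']->escapeString(...)`, goes through the database driver's connection-aware escaping; `PMA_Util::sqlAddSlashes` is, as far as I can tell, a plain quote/backslash replacement that does not take the connection charset into account, so this hunk should prefer the escapeString form too. Independently of the escaping, in both hunks `$_REQUEST['username']` is read without a guard even though only `validate_username` is tested on the line above, so a request carrying the flag alone raises an undefined-index notice and queries an empty username; `$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';` before building `$sql_query` makes that explicit. Since only emptiness of `$row` is checked afterwards, `SELECT 1` instead of `SELECT *` would avoid fetching the whole `mysql`.`user` row (including credential columns) just to test existence. PMA_getExtraDataForAjaxBehavior starts and ends outside the hunk.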
diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php
index 86c46ef6f7..1bf7b6e07b 100644
--- a/libraries/server_privileges.lib.php
+++ b/libraries/server_privileges.lib.php
@@ -2448,7 +2448,7 @@ function PMA_getExtraDataForAjaxBehavior(
if (isset($_REQUEST['validate_username'])) {
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
- . $_REQUEST['username'] . "';";
+ . $GLOBALS['dbi']->escapeString($_REQUEST['username']) . "';";
$res = $GLOBALS['dbi']->query($sql_query);
$row = $GLOBALS['dbi']->fetchRow($res);
if (empty($row)) {