Escape user and hostname when getting auth plugin

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
phpmyadmin · Mar 5, 2020 · 89fbcd7 · 89fbcd7
1 parent 09c89ba
commit 89fbcd7
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
@@ -1812,8 +1812,11 @@ public static function getCurrentAuthenticationPlugin(
             && $mode == 'change'
         ) {
             $row = $GLOBALS['dbi']->fetchSingleRow(
-                'SELECT `plugin` FROM `mysql`.`user` WHERE '
-                . '`User` = "' . $username . '" AND `Host` = "' . $hostname . '" LIMIT 1'
+                'SELECT `plugin` FROM `mysql`.`user` WHERE `User` = "'
+                . $GLOBALS['dbi']->escapeString($username)
+                . '" AND `Host` = "'
+                . $GLOBALS['dbi']->escapeString($hostname)
+                . '" LIMIT 1'
             );
             // Table 'mysql'.'user' may not exist for some previous
             // versions of MySQL - in that case consider fallback value
@@ -1824,8 +1827,11 @@ public static function getCurrentAuthenticationPlugin(
             list($username, $hostname) = $GLOBALS['dbi']->getCurrentUserAndHost();
 
             $row = $GLOBALS['dbi']->fetchSingleRow(
-                'SELECT `plugin` FROM `mysql`.`user` WHERE '
-                . '`User` = "' . $username . '" AND `Host` = "' . $hostname . '"'
+                'SELECT `plugin` FROM `mysql`.`user` WHERE `User` = "'
+                . $GLOBALS['dbi']->escapeString($username)
+                . '" AND `Host` = "'
+                . $GLOBALS['dbi']->escapeString($hostname)
+                . '"'
             );
             if (isset($row) && $row && ! empty($row['plugin'])) {
                 $authentication_plugin = $row['plugin'];