Permalink
Browse files

Bug #4023 Requires wildcard EXECUTE/ALTER ROUTINE on DB to allow Proc…

…edures to be executed by user

Signed-off-by: Marc Delisle <marc@infomarc.info>
  • Loading branch information...
1 parent 730507b commit f18e06171009bdb1be99f7cfa4b2c859be08a9c9 @lem9 lem9 committed Dec 15, 2013
Showing with 36 additions and 31 deletions.
  1. +2 −0 ChangeLog
  2. +34 −31 libraries/rte/rte_list.lib.php
View
2 ChangeLog
@@ -7,6 +7,8 @@ phpMyAdmin - ChangeLog
- bug #4149 Js freezes in the management of replication
- bug #3903 Query fails when using aliases after ordering result
- bug #4181 Adding columns in table creation clears existing columns
+- bug #4023 Requires wildcard EXECUTE/ALTER ROUTINE on DB to allow
+Procedures to be executed by user
4.1.0.0 (2013-12-11)
+ rfe #499 On user creation, warn if the user already exists
View
65 libraries/rte/rte_list.lib.php
@@ -164,40 +164,43 @@ function PMA_RTN_getRowForList($routine, $rowclass = '')
}
$retval .= " </td>\n";
$retval .= " <td>\n";
- if ($routine['ROUTINE_DEFINITION'] !== null
- && PMA_Util::currentUserHasPrivilege('EXECUTE', $db)
- ) {
- // Check if he routine has any input parameters. If it does,
- // we will show a dialog to get values for these parameters,
- // otherwise we can execute it directly.
- $routine_details = PMA_RTN_getDataFromName(
- $routine['SPECIFIC_NAME'],
- $routine['ROUTINE_TYPE'],
- false
- );
- if ($routine !== false) {
- $execute_action = 'execute_routine';
- for ($i=0; $i<$routine_details['item_num_params']; $i++) {
- if ($routine_details['item_type'] == 'PROCEDURE'
- && $routine_details['item_param_dir'][$i] == 'OUT'
- ) {
- continue;
- }
- $execute_action = 'execute_dialog';
- break;
+
+ // There is a problem with PMA_Util::currentUserHasPrivilege():
+ // it does not detect all kinds of privileges, for example
+ // a direct privilege on a specific routine. So, at this point,
+ // we show the Execute link, hoping that the user has the correct rights.
+ // Also, information_schema might be hiding the ROUTINE_DEFINITION
+ // but a routine with no input parameters can be nonetheless executed.
+
+ // Check if he routine has any input parameters. If it does,
+ // we will show a dialog to get values for these parameters,
+ // otherwise we can execute it directly.
+ $routine_details = PMA_RTN_getDataFromName(
+ $routine['SPECIFIC_NAME'],
+ $routine['ROUTINE_TYPE'],
+ false
+ );
+ if ($routine !== false) {
+ $execute_action = 'execute_routine';
+ for ($i=0; $i<$routine_details['item_num_params']; $i++) {
+ if ($routine_details['item_type'] == 'PROCEDURE'
+ && $routine_details['item_param_dir'][$i] == 'OUT'
+ ) {
+ continue;
}
- $retval .= ' <a ' . $ajax_class['exec']
- . ' href="db_routines.php?'
- . $url_query
- . '&amp;' . $execute_action . '=1'
- . '&amp;item_name='
- . urlencode($routine['SPECIFIC_NAME'])
- . '&amp;' . $type_link
- . '">' . $titles['Execute'] . "</a>\n";
+ $execute_action = 'execute_dialog';
+ break;
}
- } else {
- $retval .= " {$titles['NoExecute']}\n";
+ $retval .= ' <a ' . $ajax_class['exec']
+ . ' href="db_routines.php?'
+ . $url_query
+ . '&amp;' . $execute_action . '=1'
+ . '&amp;item_name='
+ . urlencode($routine['SPECIFIC_NAME'])
+ . '&amp;' . $type_link
+ . '">' . $titles['Execute'] . "</a>\n";
}
+
$retval .= " </td>\n";
$retval .= " <td>\n";
$retval .= ' <a ' . $ajax_class['export']

0 comments on commit f18e061

Please sign in to comment.