Adjust privileges fails if database name contains underscores

[foundationphp]

Using phpMyAdmin 4.5.3.1, MariaDB 10.1.9, PHP 7.0.1.

If database-specific privileges are assigned to a user account on a database that has underscores in its name, Adjust privileges fails when copying or renaming a database. However, if the original database name does not contain underscores, Adjust privileges does work when copying or renaming to a database with underscores in its name. Further changes are also possible because the privilege type is changed from "database-specific" to "wildcard".

• Create a database called my_test, and create a dedicated user account on my_test with all privileges except Grant.
• In the Operations tab of my_test, copy the database to a new database called "another", leaving Adjust privileges selected.
• Select the "another" database, and select the Privileges tab. The original user account is not listed.
• Edit the privileges for the original user account to grant the same privileges on "another".
• In the Operations tab of "another", copy the database to "something_else", leaving Adjust privileges selected.
• Select the "something_else" database's Privileges tab. The user account is listed, but the type is "wildcard". Copying something_else or renaming it now correctly adjust's the user account's privileges.

[devenbansod]

Hi @foundationphp , could you please test if this patch https://github.com/devenbansod/phpmyadmin/commit/95dd3979817fdc70eafaae7d246cd22ab7249dab.patch works for you ?

[devenbansod]

Fixed with #11902 .

[php4fan]

Either this is not fixed, or https://demo.phpmyadmin.net/ is several years out of date. The issue is currently reproducible there

[ibennetch]

I also see this behavior (testing with master), except the second part about copying it to something_else didn't convert the type in my case.

Reopening for reassessment.

[williamdes]

Hi @iifawzi
Would you want to contribute to this one ?

[iifawzi]

Hi @williamdes, I'd love to work on it, I just wanna understand the issue correctly, I'm not able to re-produce it. Whenever the db is renamed, the user privileges are re-created/added in case of renaming/coping. The only part that i'm not able to re-produce is this

I also see this behavior (testing with master), except the second part about copying it to something_else didn't convert the type in my case.

Reopening for reassessment.

I think this's correct, if the db is renamed from another to something_else the privileges should stay the same database-specific ( adding the privileges on something\_else )
do we need to treat the underscores as wildcard and add the privilege to something_else instead of something\_else ?
could you elaborate more on what's expected?

[williamdes]

I just tried and also could not reproduce this issue on 5.1
@php4fan could you please try out the latest 5.1 version in development (phpMyAdmin 5.1+snapshot) ?

Probably the fixes you made @iifawzi solved this issue too

I used the procedure in the first comment, if anybody can also confirm, for me this is fixed

What is expected:

• copy the db to another name
• see that the grant is still okay
• rename it
• see that the grant is still okay

Escaped special chars are expected to stay escaped and non escaped to say non escaped

[php4fan]

I can still reproduce on the current demo server which is version 5.2, with the steps in the original report.

I stop at step 3 which is enough to see that the bug exists.

Note that the first database needs to have an underscore in its name in order to reproduce the issue (just like the suggested "my_test"). No underscore, no issue.

[iifawzi]

Ahh, thank you @php4fan I was granting permissions from the user accounts tab, it seems like it only happens when we create a dedicated account using Add user account from the privileges tab in my_test db; the granted permissions will be granted on unescaped db as if it's a wildcard.

Reproduced on master, and QA_5_1, I will work on it tonight.

[williamdes]

The fix will be part of 5.1.2, and is already part of the latest 5.1 version in development (phpMyAdmin 5.1+snapshot)