Join GitHub today
Bookmark::getList function has a logical bug in the query conditions #13761
I have created a dozen of bookmarks in PMA 220.127.116.11, and had no issues to have bookmarks with the same label but for different databases. Today i upgraded to PMA 4.7.4 and found that almost all of my bookmarks are shown if i am within a database scope.
Investigating the issue lead me in the end to the SQL query that retrieves the bookmarks, and seen a huge difference in the logic compared from 18.104.22.168 to 4.7.4:
in 22.214.171.124 the retrieval of the bookmarks is a multi query procedure depending on db is selected or not, roughly outlined below:
in 4.7.4 the retrieval of the bookmarks is a single query procedure, with the query string extended for database condition depending on db is selected or not:
The idea to have a single query for per-user and shared bookmarks is great, but this new process did not count with the rules of mysql operator precedence if the database is specified.
Lets have a look at the new query:
The precedence causing the "logical AND" to evaluated first, and the "logical OR" as next, resulting in every shared bookmark, OR the per-user bookmarks of the specified database.
The intended procedure, to retrieve the per-user or shared bookmarks for the the database would reqire to use parentheses:
Which results in the correct amount of bookmarks.
Also leaving the parentheses in the query, without the database condition has IMO no negative effect, so i suggest to add the parentheses to the lines below:
What do you think?