New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Double escaping underscore in privileges check process #16694
Comments
Signed-off-by: William Desportes <williamdes@wdes.fr>
|
Hi @vasilevrv |
|
Thanks, @williamdes! Will you fix it in future release? |
Sure, if this is a real bug. I am currently investigating to find out why this fix was done |
|
Some time ago Lines 4152 to 4153 in a303eb8
The first time it was added it was in 3.5.1 by eca291c phpmyadmin/libraries/common.lib.php Lines 3772 to 3773 in 5ff7adb
|
|
@williamdes, the problem was found in MariaDB 10.5.8, maybe everything is different in this version? |
I tried with MariaDB 10.5 🤔 Maybe you can try on my deployed server that has a bunch of different servers and versions: https://phpmyadmin-dev.wdes.eu.org/ |
|
For now I can not find any documentation that says that escaping is needed or not. But it could make sense that for |
|
Hello again, @williamdes! In MariaDB 10.5.8 result for your query: Underscores is not escaped. For example, And with escaping: Sure, I think the problem is that the TABLE_SCHEMA is escaped (maybe, I haven't tested), but the TABLE_NAME is not |
|
That sounds about right! https://dev.mysql.com/doc/refman/8.0/en/request-access.html
as a result, need escape only Host and Db, as I understand |
Thank you @shucon for the link |
Signed-off-by: William Desportes <williamdes@wdes.fr>


Hello,
phpmyadmin/libraries/classes/Util.php
Line 2311 in 583e61f
We get incorrect result SQL query (and triggers unavailable, user has privileges for table and does not have full database privileges):
If comment this line - it working perfectly.
Version with confirmed problem - 5.0.4, line 4042:
https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_4/libraries/classes/Util.php#L4042
But current version have the same code.
This function called from libraries/classes/Menu.php and "Triggers" menu item is not visible and in Triggers page all functional unavailable.
Please check and fix it. Thanks in advance!
The text was updated successfully, but these errors were encountered: