Fix: Fixing all the issues related to assigning privileges to databases with '_' #17015
Conversation
|
Hi @iifawzi Currently you removed all escaping, this is not right because as you can see on my example So you need to add back escaping on DB list, edit page. That said the queries look good ! I have a theory about why there is two mysql.db
Show dbs before
Show dbs after
|
|
I can see that in your
How can I encounter such an issue? what do you mean by This PR implementation is suppose to have this:
are we ok with this? can you give me a case that might prevent this from happening or make a conflict with it in the GUI? I'm asking because, if the queries look good, so it means the GUI looks good I think, because i'm just unescaping the name used in the query, and used it in the GUI, if the. GUI can be misleading in any case, so it means there will be something wrong in the queries I think. how can the query looks good, and the GUI have bugs? It took too long I know, thank your for your patience, I just wanna be sure that I understood your points before adding back the escaping on DB list, edit page GUIs. Thank you again. |
No, it's indended and is a wildcard example
You can grant a user the use of I am not sure if this is more clear, but there is a case where |
|
So you only need to escape on database lists add to make |
Ohhh... I got it. Nice! I never thought that this's possible. |
Signed-off-by: Fawzi E. Abdulfattah <iifawzie@gmail.com>
iifawzi
force-pushed
the
fix-privileges-issues
branch
from
abb6e03
to
68981b7
Compare
| @@ -514,8 +514,7 @@ public function getSqlQueryForDisplayPrivTable($db, $table, $username, $hostname | |||
| return 'SELECT * FROM `mysql`.`db`' | |||
| . " WHERE `User` = '" . $this->dbi->escapeString($username) . "'" | |||
| . " AND `Host` = '" . $this->dbi->escapeString($hostname) . "'" | |||
| . " AND '" . $this->dbi->escapeString(Util::unescapeMysqlWildcards($db)) . "'" | |||
| . ' LIKE `Db`;'; | |||
| . " AND `Db` = '" . $this->dbi->escapeString($db) . "'"; | |||
There was a problem hiding this comment.
I've encountered another issue regarding the privileges table, if we have a privileges on a_% and a_hidden.
before, if we tried to edit the privileges on a_hidden, the privileges of a_% will be shown instead. (can be tested on https://demo.phpmyadmin.net/master/ ), I've fixed it by looking for an exact match instead of using LIKE, and removed the unescaping function, I've tested all the cases that crossed my mind they worked as expected, I hope that I'm not missing anything.
|
Just found something ( #16477 is back) |
|
Hmm, I think based on #16477 (comment), the issue was due to considering the
The issue you've mentioned is regarding granting a permissions on a wildcard example like the mess comes from that when #16481 is introduced, this bug #17010 (comment) wasn't fixed. which leaded to allowing the |
|
@sudo-robot deploy |
|
Hmm, you are right. This was probably a bug, I could not replicate it on the deployed server. |
|
let me know if you've found anything that could be fixed, and thank you for following up with this, your guidance, and your fast replies @williamdes, You're encouraging me to keep contributing |
I am so happy to have so great and involved contributions ! ❤️ Conclusion: it works better when I use an escaped version 🤦🏻
|
Signed-off-by: William Desportes <williamdes@wdes.fr>
Signed-off-by: William Desportes <williamdes@wdes.fr>
Signed-off-by: Fawzi E. Abdulfattah iifawzie@gmail.com
Description
This PR fixes all the bugs discussed at #17010 and the bug mentioned in #16994.
Fixes: