From 8cf78b31b28b9183579c7939b947e1f7e9f5c2fa Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 12 Jan 2012 04:54:19 -0500
Subject: [PATCH] Merged revisions 2812-2883 from staböe branch.
---
server/plugins-available/mysql_clientdb_plugin.inc.php | 13 +++++--------
1 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 5bcfbee..595e245 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -100,7 +100,7 @@
if($valid == false) continue;
if($action == 'GRANT') {
- if(!$link->query("GRANT ALL ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY '".$link->escape_string($database_password)."';")) $success = false;
+ if(!mysql_query("GRANT ALL ON ".mysql_real_escape_string($database_name,$link).".* TO '".mysql_real_escape_string($database_user,$link)."'@'$db_host' IDENTIFIED BY PASSWORD '".mysql_real_escape_string($database_password,$link)."';",$link)) $success = false;
} elseif($action == 'REVOKE') {
//mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($database_name,$link).".* FROM '".mysql_real_escape_string($database_user,$link)."';",$link);
} elseif($action == 'DROP') {
@@ -108,7 +108,7 @@
} elseif($action == 'RENAME') {
if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
} elseif($action == 'PASSWORD') {
- if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = PASSWORD('".$link->escape_string($database_password)."');")) $success = false;
+ if(!mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($database_user,$link)."'@'$db_host' = '".mysql_real_escape_string($database_password,$link)."';",$link)) $success = false;
}
}
@@ -158,7 +158,7 @@
}
$db_host = 'localhost';
- $link->query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),$link->escape_string($data['new']['database_name']))."`.* TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host' IDENTIFIED BY '".$link->escape_string($data['new']['database_password'])."';");
+ mysql_query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),mysql_real_escape_string($data['new']['database_name'],$link))."`.* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY PASSWORD '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
}
@@ -197,7 +197,7 @@
}
$db_host = 'localhost';
- $link->query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),$link->escape_string($data['new']['database_name']))."`.* TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host' IDENTIFIED BY '".$link->escape_string($data['new']['database_password'])."';");
+ mysql_query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),mysql_real_escape_string($data['new']['database_name'],$link))."`.* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY PASSWORD '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
// mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
//echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
@@ -247,10 +247,7 @@
//* Change password
if($data['new']['database_password'] != $data['old']['database_password']) {
$db_host = 'localhost';
- $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');");
- if($link->error) {
- error_log($link->error);
- }
+ mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' = '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
if($data['new']['remote_access'] == 'y') {
$this->process_host_list('PASSWORD', '', $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips']);
--
Gitblit v1.9.1