From 89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad Mon Sep 17 00:00:00 2001 From: =?utf8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= Date: Thu, 5 Mar 2020 20:10:13 -0300 Subject: [PATCH] Escape user and hostname when getting auth plugin MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: MaurĂ­cio Meneghini Fauth --- libraries/classes/Server/Privileges.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php index 0e3e4a9fa3..256cd8084a 100644 --- a/libraries/classes/Server/Privileges.php +++ b/libraries/classes/Server/Privileges.php @@ -1812,8 +1812,11 @@ class Privileges && $mode == 'change' ) { $row = $GLOBALS['dbi']->fetchSingleRow( - 'SELECT `plugin` FROM `mysql`.`user` WHERE ' - . '`User` = "' . $username . '" AND `Host` = "' . $hostname . '" LIMIT 1' + 'SELECT `plugin` FROM `mysql`.`user` WHERE `User` = "' + . $GLOBALS['dbi']->escapeString($username) + . '" AND `Host` = "' + . $GLOBALS['dbi']->escapeString($hostname) + . '" LIMIT 1' ); // Table 'mysql'.'user' may not exist for some previous // versions of MySQL - in that case consider fallback value @@ -1824,8 +1827,11 @@ class Privileges list($username, $hostname) = $GLOBALS['dbi']->getCurrentUserAndHost(); $row = $GLOBALS['dbi']->fetchSingleRow( - 'SELECT `plugin` FROM `mysql`.`user` WHERE ' - . '`User` = "' . $username . '" AND `Host` = "' . $hostname . '"' + 'SELECT `plugin` FROM `mysql`.`user` WHERE `User` = "' + . $GLOBALS['dbi']->escapeString($username) + . '" AND `Host` = "' + . $GLOBALS['dbi']->escapeString($hostname) + . '"' ); if (isset($row) && $row && ! empty($row['plugin'])) { $authentication_plugin = $row['plugin']; -- 2.11.4.GIT