/**
  * Test for PMA_getSqlQueryForDisplayPrivTable
  *
  * Drives the three query shapes the helper produces (user level when
  * $db is '*', database level when $table is '*', table level otherwise)
  * and pins the exact SQL text. The expected strings interpolate
  * PMA_Util::unescapeMysqlWildcards($db) without sqlAddSlashes, mirroring
  * the query under test; NOTE(review): confirm the caller validates $db
  * before it reaches the helper.
  *
  * @return void
  */
 public function testPMAGetSqlQueryForDisplayPrivTable()
 {
     $username = "******";
     $hostname = "pma_hostname";
     $userHostWhere = " WHERE `User` = '" . PMA_Util::sqlAddSlashes($username) . "'"
         . " AND `Host` = '" . PMA_Util::sqlAddSlashes($hostname) . "'";

     // user level: $db == '*'
     $expected = "SELECT * FROM `mysql`.`user`" . $userHostWhere . ";";
     $this->assertEquals(
         $expected,
         PMA_getSqlQueryForDisplayPrivTable('*', "pma_table", $username, $hostname)
     );

     // database level: $table == '*'
     $db = "pma_db";
     $expected = "SELECT * FROM `mysql`.`db`" . $userHostWhere
         . " AND '" . PMA_Util::unescapeMysqlWildcards($db) . "'"
         . " LIKE `Db`;";
     $this->assertEquals(
         $expected,
         PMA_getSqlQueryForDisplayPrivTable($db, "*", $username, $hostname)
     );

     // table level: $table == 'pma_table'
     $table = "pma_table";
     $expected = "SELECT `Table_priv`" . " FROM `mysql`.`tables_priv`" . $userHostWhere
         . " AND `Db` = '" . PMA_Util::unescapeMysqlWildcards($db) . "'"
         . " AND `Table_name` = '" . PMA_Util::sqlAddSlashes($table) . "';";
     $this->assertEquals(
         $expected,
         PMA_getSqlQueryForDisplayPrivTable($db, $table, $username, $hostname)
     );
 }
/**
 * Get HTML snippet for display user properties
 *
 * Builds the "edit user" dialog: the header, a warning plus the login
 * information fields when the user/host pair is not found in
 * `mysql`.`user`, the privileges table form, optionally the
 * table-specific rights form, the db/table link line and, for an existing
 * user with no database selected, the change password / change login
 * forms. The existence lookup escapes $username and $hostname with
 * PMA_Util::sqlAddSlashes before interpolating them into the query.
 *
 * @param boolean      $dbname_is_wildcard whether database name is wildcard or not
 * @param string       $url_dbname         url database name that urlencode() string
 * @param string       $username           username
 * @param string       $hostname           host name
 * @param string|array $dbname             database name; an array is accepted and
 *                                         treated like "no specific database"
 * @param string       $tablename          table name
 *
 * @return string $html_output
 */
function PMA_getHtmlForUserProperties($dbname_is_wildcard, $url_dbname, $username, $hostname, $dbname, $tablename)
{
    $dbIsScalar = !is_array($dbname);

    $html = '<div id="edit_user_dialog">';
    $html .= PMA_getHtmlHeaderForUserProperties($dbname_is_wildcard, $url_dbname, $dbname, $username, $hostname, $tablename);

    // Does this user/host pair exist at all? Both values are escaped
    // before being interpolated into the lookup query.
    $existsQuery = "SELECT '1' FROM `mysql`.`user`"
        . " WHERE `User` = '" . PMA_Util::sqlAddSlashes($username) . "'"
        . " AND `Host` = '" . PMA_Util::sqlAddSlashes($hostname) . "';";
    $userMissing = !$GLOBALS['dbi']->fetchValue($existsQuery);
    if ($userMissing) {
        $html .= PMA_Message::error(__('The selected user was not found in the privilege table.'))->getDisplay();
        $html .= PMA_getHtmlForLoginInformationFields();
    }

    // Hidden inputs carried by the privileges form: dbname is always passed
    // through, tablename only when a concrete database name is present.
    $hiddenParams = array(
        'username' => $username,
        'hostname' => $hostname,
        'dbname'   => $dbname,
    );
    if ($dbIsScalar && mb_strlen($dbname) && mb_strlen($tablename)) {
        $hiddenParams['tablename'] = $tablename;
    }

    $html .= '<form class="submenu-item" name="usersForm" id="addUsersForm" action="server_privileges.php" method="post">' . "\n";
    $html .= PMA_URL_getHiddenInputs($hiddenParams);
    $html .= PMA_getHtmlToDisplayPrivilegesTable(
        PMA_ifSetOr($dbname, $dbIsScalar ? '*' : $dbname[0], 'length'),
        PMA_ifSetOr($tablename, '*', 'length')
    );
    $html .= '</form>' . "\n";

    if ($dbIsScalar && !mb_strlen($tablename) && empty($dbname_is_wildcard)) {
        // no table name was given, display all table specific rights
        // but only if $dbname contains no wildcards
        $html .= '<form class="submenu-item" action="server_privileges.php" id="db_or_table_specific_priv" method="post">' . "\n";
        // unescape wildcards in dbname at table level
        $plainDb = PMA_Util::unescapeMysqlWildcards($dbname);
        list($rightsTable, $foundRows) = PMA_getHtmlForAllTableSpecificRights($username, $hostname, $plainDb);
        $html .= $rightsTable;
        // with an empty database name offer a database selector instead
        // of the table list
        $html .= mb_strlen($dbname)
            ? PMA_displayTablesInEditPrivs($dbname, $foundRows)
            : PMA_getHtmlForSelectDbInEditPrivs($foundRows);
        $html .= '</fieldset>' . "\n"
            . '<fieldset class="tblFooters">' . "\n"
            . '    <input type="submit" value="' . __('Go') . '" />'
            . '</fieldset>' . "\n"
            . '</form>' . "\n";
    }

    // Provide a line with links to the relevant database and table
    if ($dbIsScalar && mb_strlen($dbname) && empty($dbname_is_wildcard)) {
        $html .= PMA_getLinkToDbAndTable($url_dbname, $dbname, $tablename);
    }

    // change login information: only for users that exist and when no
    // database is selected
    if ($dbIsScalar && !mb_strlen($dbname) && !$userMissing) {
        $html .= PMA_getHtmlForChangePassword($username, $hostname);
        $html .= PMA_getChangeLoginInformationHtmlForm($username, $hostname);
    }

    $html .= '</div>';
    return $html;
}
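/**
 * Get HTML for display table in edit privilege
 *
 * Emits the hidden dbname input, a label, optionally a <select> of the
 * tables of $dbname that do not yet appear in $found_rows (every name is
 * passed through htmlspecialchars()), and the free-text table name input.
 *
 * @param string     $dbname     database name (MySQL wildcard escaping still
 *                               present; it is unescaped and backquoted before
 *                               the SHOW TABLES query)
 * @param array|null $found_rows isset($dbname)) ? $row['Db'] : $row['Table_name'];
 *                               null lists every table
 *
 * @return string HTML snippet
 */
function PMA_displayTablesInEditPrivs($dbname, $found_rows)
{
    $html_output = '<input type="hidden" name="dbname"
        ' . 'value="' . htmlspecialchars($dbname) . '"/>' . "\n";
    $html_output .= '<label for="text_tablename">' . __('Add privileges on the following table') . ':</label>' . "\n";
    // @ kept as before; whether PMA_DBI_try_query can emit a warning for an
    // unknown database is not visible here — TODO confirm before removing it
    $result = @PMA_DBI_try_query('SHOW TABLES FROM ' . PMA_Util::backquote(PMA_Util::unescapeMysqlWildcards($dbname)) . ';', null, PMA_DBI_QUERY_STORE);
    if ($result) {
        $pred_tbl_array = array();
        while ($row = PMA_DBI_fetch_row($result)) {
            // strict comparison: table names are strings, and a loose
            // in_array() would treat numeric-looking names such as '10'
            // and '1e1' as equal and hide the wrong table from the list
            if ($found_rows === null || !in_array($row[0], $found_rows, true)) {
                $pred_tbl_array[] = $row[0];
            }
        }
        PMA_DBI_free_result($result);
        if (!empty($pred_tbl_array)) {
            $html_output .= '<select name="pred_tablename" ' . 'class="autosubmit">' . "\n" . '<option value="" selected="selected">' . __('Use text field') . ':</option>' . "\n";
            foreach ($pred_tbl_array as $current_table) {
                $html_output .= '<option ' . 'value="' . htmlspecialchars($current_table) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
            }
            $html_output .= '</select>' . "\n";
        }
    }
    $html_output .= '<input type="text" id="text_tablename" name="tablename" />' . "\n";
    return $html_output;
}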
 /**
  * checks the only_db configuration
  *
  * Normalises $cfg['Server']['only_db'] (a non-empty string becomes a
  * one-element array, written back to $GLOBALS) and replaces the list
  * contents with it: entries without an unescaped `_` or `%` are added
  * literally after wildcard-unescaping; entries containing a wildcard are
  * expanded through retrieve() when can_retrieve_databases is set and are
  * otherwise dropped without any message.
  *
  * @return boolean false if there is no only_db, otherwise true
  */
 protected function checkOnlyDatabase()
 {
     $onlyDb = $GLOBALS['cfg']['Server']['only_db'];
     if (is_string($onlyDb) && strlen($onlyDb)) {
         $onlyDb = array($onlyDb);
         $GLOBALS['cfg']['Server']['only_db'] = $onlyDb;
     }
     if (!is_array($onlyDb)) {
         return false;
     }

     // an _ or % that is not preceded by a backslash marks a pattern
     $wildcardPattern = '/(^|[^\\\\])(_|%)/';
     $databases = array();
     foreach ($onlyDb as $entry) {
         $isPattern = preg_match($wildcardPattern, $entry);
         if (!$isPattern) {
             $databases[] = PMA_Util::unescapeMysqlWildcards($entry);
         } elseif ($this->can_retrieve_databases) {
             $databases = array_merge($databases, $this->retrieve($entry));
         }
     }
     $this->exchangeArray($databases);
     return true;
 }
 /**
  * PMA_Util::unescapeMysqlWildcards tests
  *
  * Each dataset from escapeDataProvider pairs an escaped string ($a)
  * with the plain form ($b) that unescaping must give back.
  *
  * @param string $a String to unescape
  * @param string $b Expected value
  *
  * @return void
  *
  * @dataProvider escapeDataProvider
  */
 public function testUnEscape($a, $b)
 {
     $unescaped = PMA_Util::unescapeMysqlWildcards($a);
     $this->assertEquals($b, $unescaped);
 }
} elseif (PMA_isValid($_REQUEST['tablename'])) {
    $tablename = $_REQUEST['tablename'];
} else {
    unset($tablename);
}
// Pick the database from the request: the predefined-list selection wins
// over the free-text field, and both go through PMA_isValid() first. With
// no valid database the table name is discarded as well.
if (PMA_isValid($_REQUEST['pred_dbname'])) {
    $dbname = $_REQUEST['pred_dbname'];
    unset($pred_dbname);
} elseif (PMA_isValid($_REQUEST['dbname'])) {
    $dbname = $_REQUEST['dbname'];
} else {
    unset($dbname, $tablename);
}

// Backquoted `db`.`table`, `db`.* or *.* designator for the selection
if (!isset($dbname)) {
    $db_and_table = '*.*';
} else {
    $unescaped_db = PMA_Util::unescapeMysqlWildcards($dbname);
    $db_and_table = PMA_Util::backquote($unescaped_db) . '.'
        . (isset($tablename) ? PMA_Util::backquote($tablename) : '*');
}
// check if given $dbname is a wildcard or not
if (isset($dbname)) {
    //if (preg_match('/\\\\(?:_|%)/i', $dbname)) {
    if (preg_match('/(?<!\\\\)(?:_|%)/i', $dbname)) {
        $dbname_is_wildcard = true;
    } else {
 /**
  * checks the only_db configuration
  *
  * A non-empty string in $cfg['Server']['only_db'] is promoted to a
  * one-element array (and written back to $GLOBALS) before the list is
  * rebuilt from it. Names without an unescaped `_`/`%` are taken as they
  * are, with wildcard escaping removed; names containing a wildcard are
  * expanded via retrieve() unless show_databases_disabled is set, in which
  * case they are silently skipped (see the todo below).
  *
  * @return boolean false if there is no only_db, otherwise true
  */
 protected function checkOnlyDatabase()
 {
     $configured = $GLOBALS['cfg']['Server']['only_db'];
     if (is_string($configured) && strlen($configured)) {
         // a single name given as a string: normalise to a list
         $GLOBALS['cfg']['Server']['only_db'] = array($configured);
         $configured = array($configured);
     }
     if (!is_array($configured)) {
         return false;
     }

     $resolved = array();
     foreach ($configured as $name) {
         // an _ or % not preceded by a backslash is an unescaped wildcard
         $hasWildcard = (bool) preg_match('/(^|[^\\\\])(_|%)/', $name);
         if (!$hasWildcard) {
             $resolved[] = PMA_Util::unescapeMysqlWildcards($name);
         } elseif (!$this->show_databases_disabled) {
             $resolved = array_merge($resolved, $this->retrieve($name));
         }
         // @todo induce error, about not using wildcards
         // with SHOW DATABASE disabled?
     }
     $this->exchangeArray($resolved);
     return true;
 }