/**
 * Checks the SQL text returned by PMA_getSqlQueryForDisplayPrivTable for the
 * three privilege scopes: global ($db == '*'), database ($table == '*') and
 * a single table.
 *
 * NOTE(review): the expected strings are assembled by calling sqlAddSlashes()
 * and unescapeMysqlWildcards() rather than being written out literally, and
 * none of the fixture values contains a quote, backslash or wildcard. The
 * test therefore pins the shape of each query, not the escaping of hostile
 * user, host, database or table names. A fixture holding such characters,
 * compared against a literal expected string, would cover that.
 *
 * @return void
 */
public function testPMAGetSqlQueryForDisplayPrivTable()
{
    $username = "******";
    $hostname = "pma_hostname";

    // The account filter is the same in all three expected queries.
    $accountFilter = " WHERE `User` = '"
        . PMA\libraries\Util::sqlAddSlashes($username) . "'"
        . " AND `Host` = '"
        . PMA\libraries\Util::sqlAddSlashes($hostname) . "'";

    // Global scope: $db == '*', the table name is irrelevant.
    $db = '*';
    $table = "pma_table";
    $actual = PMA_getSqlQueryForDisplayPrivTable(
        $db, $table, $username, $hostname
    );
    $expected = "SELECT * FROM `mysql`.`user`" . $accountFilter . ";";
    $this->assertEquals($expected, $actual);

    // Database scope: $table == '*'.
    $db = "pma_db";
    $table = "*";
    $actual = PMA_getSqlQueryForDisplayPrivTable(
        $db, $table, $username, $hostname
    );
    $expected = "SELECT * FROM `mysql`.`db`"
        . $accountFilter
        . " AND '" . PMA\libraries\Util::unescapeMysqlWildcards($db) . "'"
        . " LIKE `Db`;";
    $this->assertEquals($expected, $actual);

    // Table scope: both the database and the table are named.
    $db = "pma_db";
    $table = "pma_table";
    $actual = PMA_getSqlQueryForDisplayPrivTable(
        $db, $table, $username, $hostname
    );
    $expected = "SELECT `Table_priv`"
        . " FROM `mysql`.`tables_priv`"
        . $accountFilter
        . " AND `Db` = '" . PMA\libraries\Util::unescapeMysqlWildcards($db) . "'"
        . " AND `Table_name` = '"
        . PMA\libraries\Util::sqlAddSlashes($table) . "';";
    $this->assertEquals($expected, $actual);
}
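/**
 * Builds the HTML of the privileges form table.
 *
 * The account is taken from $GLOBALS['username'] / $GLOBALS['hostname'] when
 * set. Its current privilege row is loaded and handed to the table-specific
 * or the global/db-specific renderer. When no row is found, a default row is
 * built instead.
 *
 * @param string  $db     the database ('*' selects global privileges and
 *                        forces $table to '*')
 * @param string  $table  the table ('*' selects database-level privileges)
 * @param boolean $submit whether to display the submit button or not
 *
 * @global mixed  $username     account name, read only when set
 * @global mixed  $hostname     account host, read together with $username
 * @global object $dbi          database interface used for every query here
 * @global mixed  $is_superuser gates the default-row lookup in the mysql schema
 *
 * @return string html snippet
 */
function PMA_getHtmlToDisplayPrivilegesTable($db = '*', $table = '*', $submit = true)
{
    $html_output = '';
    $sql_query = '';

    // Defined up front: without $GLOBALS['username'] the table-specific
    // renderer below was previously called with undefined variables.
    $username = null;
    $hostname = null;
    $row = array();
    $columns = array();

    // Global scope has no table level.
    if ($db == '*') {
        $table = '*';
    }

    if (isset($GLOBALS['username'])) {
        // NOTE(review): where these globals are populated is not visible
        // here. Escaping them is left to the query builder - confirm.
        $username = $GLOBALS['username'];
        $hostname = $GLOBALS['hostname'];
        $sql_query = PMA_getSqlQueryForDisplayPrivTable(
            $db, $table, $username, $hostname
        );
        $row = $GLOBALS['dbi']->fetchSingleRow($sql_query);
    }

    if (empty($row)) {
        if ($table == '*' && $GLOBALS['is_superuser']) {
            // Only a superuser session queries the grant tables of the mysql
            // schema for a column list. Any other session falls through to
            // the empty-row branches below and issues no query against it.
            // $table is '*' here, so the scope is decided by $db alone.
            $sql_query = ($db == '*')
                ? 'SHOW COLUMNS FROM `mysql`.`user`;'
                : 'SHOW COLUMNS FROM `mysql`.`db`;';

            // Start from a real array: the value left by fetchSingleRow() on
            // a miss is not visible here, and writing an index into false is
            // deprecated since PHP 8.1.
            $row = array();
            $res = $GLOBALS['dbi']->query($sql_query);
            while ($row1 = $GLOBALS['dbi']->fetchRow($res)) {
                $column_name = $row1[0];
                if (mb_substr($column_name, 0, 4) == 'max_') {
                    // resource limits default to 0
                    $row[$column_name] = 0;
                } elseif (mb_substr($column_name, 0, 5) == 'x509_'
                    || mb_substr($column_name, 0, 4) == 'ssl_'
                ) {
                    // TLS-related columns default to an empty string
                    $row[$column_name] = '';
                } else {
                    // every other column defaults to "not granted"
                    $row[$column_name] = 'N';
                }
            }
            $GLOBALS['dbi']->freeResult($res);
        } elseif ($table == '*') {
            $row = array();
        } else {
            $row = array('Table_priv' => '');
        }
    }

    if (isset($row['Table_priv'])) {
        PMA_fillInTablePrivileges($row);

        // get columns
        // Identifiers cannot be bound as parameters, so both names go
        // through backquote(); wildcard escapes are removed from $db first.
        $res = $GLOBALS['dbi']->tryQuery(
            'SHOW COLUMNS FROM '
            . PMA_Util::backquote(PMA_Util::unescapeMysqlWildcards($db))
            . '.' . PMA_Util::backquote($table) . ';'
        );
        $columns = array();
        if ($res) {
            while ($row1 = $GLOBALS['dbi']->fetchRow($res)) {
                $columns[$row1[0]] = array(
                    'Select' => false,
                    'Insert' => false,
                    'Update' => false,
                    'References' => false
                );
            }
            $GLOBALS['dbi']->freeResult($res);
        }
        unset($res, $row1);
    }

    if (!empty($columns)) {
        // table-specific privileges
        $html_output .= PMA_getHtmlForTableSpecificPrivileges(
            $username, $hostname, $db, $table, $columns, $row
        );
    } else {
        // global or db-specific
        $html_output .= PMA_getHtmlForGlobalOrDbSpecificPrivs($db, $table, $row);
    }
    // Presumably closes the fieldset opened by the renderer above - confirm.
    $html_output .= '</fieldset>' . "\n";

    if ($submit) {
        // NOTE(review): the translated label is written into an attribute
        // without htmlspecialchars(); that holds only while translation
        // catalogues are trusted input.
        $html_output .= '<fieldset id="fieldset_user_privtable_footer" '
            . 'class="tblFooters">' . "\n"
            . '<input type="hidden" name="update_privs" value="1" />' . "\n"
            . '<input type="submit" value="' . __('Go') . '" />' . "\n"
            . '</fieldset>' . "\n";
    }
    return $html_output;
}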
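/**
 * Builds the HTML of the privileges form table.
 *
 * The account is taken from $GLOBALS['username'] / $GLOBALS['hostname'] when
 * set. Its current privilege row is loaded and handed to the table-specific
 * or the global/db-specific renderer. When no row is found, a default row is
 * built instead.
 *
 * @param string  $db     the database ('*' selects global privileges and
 *                        forces $table to '*')
 * @param string  $table  the table ('*' selects database-level privileges)
 * @param boolean $submit whether to display the submit button or not
 *
 * @global mixed $username account name, read only when set
 * @global mixed $hostname account host, read together with $username
 * @global mixed $userlink connection passed to the Table_priv type lookup
 *
 * @return string html snippet
 */
function PMA_getHtmlToDisplayPrivilegesTable($db = '*', $table = '*', $submit = true)
{
    $html_output = '';

    // Defined up front: without $GLOBALS['username'] the table-specific
    // renderer below was previously called with undefined variables.
    $username = null;
    $hostname = null;
    $row = array();
    $columns = array();

    // Global scope has no table level.
    if ($db == '*') {
        $table = '*';
    }

    if (isset($GLOBALS['username'])) {
        // NOTE(review): where these globals are populated is not visible
        // here. Escaping them is left to the query builder - confirm.
        $username = $GLOBALS['username'];
        $hostname = $GLOBALS['hostname'];
        $sql_query = PMA_getSqlQueryForDisplayPrivTable(
            $db, $table, $username, $hostname
        );
        $row = PMA_DBI_fetch_single_row($sql_query);
    }

    if (empty($row)) {
        if ($table == '*') {
            // NOTE(review): this column lookup on the mysql schema runs for
            // every session, whatever its privileges. How PMA_DBI_query()
            // reacts when the account may not read these tables is not
            // visible here - confirm, or gate the lookup on the session's
            // privilege level.
            // $table is '*' here, so the scope is decided by $db alone.
            $sql_query = ($db == '*')
                ? 'SHOW COLUMNS FROM `mysql`.`user`;'
                : 'SHOW COLUMNS FROM `mysql`.`db`;';

            // Start from a real array: the value left by
            // PMA_DBI_fetch_single_row() on a miss is not visible here, and
            // writing an index into false is deprecated since PHP 8.1.
            $row = array();
            $res = PMA_DBI_query($sql_query);
            while ($row1 = PMA_DBI_fetch_row($res)) {
                // resource limits default to 0, everything else to "no"
                $row[$row1[0]] = (substr($row1[0], 0, 4) == 'max_') ? 0 : 'N';
            }
            PMA_DBI_free_result($res);
        } else {
            $row = array('Table_priv' => '');
        }
    }

    if (isset($row['Table_priv'])) {
        $row1 = PMA_DBI_fetch_single_row(
            'SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';',
            'ASSOC',
            $GLOBALS['userlink']
        );
        // note: in MySQL 5.0.3 we get "Create View', 'Show view';
        // the View for Create is spelled with uppercase V
        // the view for Show is spelled with lowercase v
        // and there is a space between the words

        // Cut the quoted, comma-separated value list out of the column type:
        // the text between "('" and "')" split on "','".
        $type = $row1['Type'];
        $open = strpos($type, '(');
        $close = strpos($type, ')');
        $av_grants = explode(
            '\',\'',
            substr($type, $open + 2, $close - $open - 3)
        );
        unset($row1);

        // Expand the single Table_priv list into one Y/N flag per grant.
        $users_grants = explode(',', $row['Table_priv']);
        foreach ($av_grants as $current_grant) {
            // Both sides come from explode(), i.e. strings, so the strict
            // comparison only rules out loose numeric-string matches.
            $row[$current_grant . '_priv']
                = in_array($current_grant, $users_grants, true) ? 'Y' : 'N';
        }
        unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);

        // get columns
        // Identifiers cannot be bound as parameters, so both names go
        // through backquote(); wildcard escapes are removed from $db first.
        $res = PMA_DBI_try_query(
            'SHOW COLUMNS FROM '
            . PMA_Util::backquote(PMA_Util::unescapeMysqlWildcards($db))
            . '.' . PMA_Util::backquote($table) . ';'
        );
        $columns = array();
        if ($res) {
            while ($row1 = PMA_DBI_fetch_row($res)) {
                $columns[$row1[0]] = array(
                    'Select' => false,
                    'Insert' => false,
                    'Update' => false,
                    'References' => false
                );
            }
            PMA_DBI_free_result($res);
        }
        unset($res, $row1);
    }

    if (!empty($columns)) {
        // table-specific privileges
        $html_output .= PMA_getHtmlForTableSpecificPrivileges(
            $username, $hostname, $db, $table, $columns, $row
        );
    } else {
        // global or db-specific
        $html_output .= PMA_getHtmlForGlobalOrDbSpecificPrivs($db, $table, $row);
    }
    // Presumably closes the fieldset opened by the renderer above - confirm.
    $html_output .= '</fieldset>' . "\n";

    if ($submit) {
        // NOTE(review): the translated label is written into an attribute
        // without htmlspecialchars(); that holds only while translation
        // catalogues are trusted input.
        $html_output .= '<fieldset id="fieldset_user_privtable_footer" '
            . 'class="tblFooters">' . "\n"
            . '<input type="submit" name="update_privs" '
            . 'value="' . __('Go') . '" />' . "\n"
            . '</fieldset>' . "\n";
    }
    return $html_output;
}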