mirror of
https://github.com/webmin/webmin.git
synced 2026-03-11 05:12:03 +00:00
Fix MySQL save handlers with parameterized SQL deletes (#8)
@@ -11,10 +11,10 @@ if ($in{'delete'}) {
|
||||
$access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
|
||||
&error($text{'perms_edb'});
|
||||
&execute_sql_logged($master_db,
|
||||
"delete from columns_priv where user = '$in{'olduser'}' ".
|
||||
"and host = '$in{'oldhost'}' and db = '$in{'olddb'}' ".
|
||||
"and table_name = '$in{'oldtable'}' ".
|
||||
"and column_name = '$in{'oldfield'}'");
|
||||
"delete from columns_priv where user = ? and host = ? ".
|
||||
"and db = ? and table_name = ? and column_name = ?",
|
||||
$in{'olduser'}, $in{'oldhost'}, $in{'olddb'},
|
||||
$in{'oldtable'}, $in{'oldfield'});
|
||||
}
|
||||
else {
|
||||
# Validate inputs
|
||||
|
||||
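Review bot: The `else {` branch that opens at the end of this hunk is left as it was, and its body lies outside the hunk, so this change removes string-built SQL only on the delete path. If the statements under `# Validate inputs` still interpolate `$in{...}` values, they need the same conversion to `?` placeholders with the values passed as trailing arguments. The same applies to the `db`, `host`, `tables_priv` and `user` hunks below, which have the identical shape. Until that is checked, a marker such as `# TODO: parameterize the statements in this branch like the delete above` under `# Validate inputs` would keep the gap visible.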
@@ -11,8 +11,8 @@ if ($in{'delete'}) {
|
||||
$access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
|
||||
&error($text{'perms_edb'});
|
||||
&execute_sql_logged($master_db,
|
||||
"delete from db where user = '$in{'olduser'}' ".
|
||||
"and host = '$in{'oldhost'}' and db = '$in{'olddb'}'");
|
||||
"delete from db where user = ? and host = ? and db = ?",
|
||||
$in{'olduser'}, $in{'oldhost'}, $in{'olddb'});
|
||||
}
|
||||
else {
|
||||
# Validate inputs
|
||||
|
||||
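Review bot: The fix depends on `&execute_sql_logged` treating the arguments after the statement as bound values on every execution path, and that helper is defined outside this page. If it has a path that substitutes the values into the statement text instead of binding them through the driver, that path must escape backslashes as well as single quotes, otherwise the `?` form is no safer there than the old one. I would add a comment above the call, `# olduser/oldhost/olddb are passed as bind values; never interpolate them`, and confirm the helper's behaviour before relying on it at the six call sites this commit touches.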
@@ -11,8 +11,8 @@ if ($in{'delete'}) {
|
||||
$access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
|
||||
&error($text{'perms_edb'});
|
||||
&execute_sql_logged($master_db,
|
||||
"delete from host where host = '$in{'oldhost'}' ".
|
||||
"and db = '$in{'olddb'}'");
|
||||
"delete from host where host = ? and db = ?",
|
||||
$in{'oldhost'}, $in{'olddb'});
|
||||
}
|
||||
else {
|
||||
# Validate inputs
|
||||
|
||||
@@ -11,9 +11,10 @@ if ($in{'delete'}) {
|
||||
$access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
|
||||
&error($text{'perms_edb'});
|
||||
&execute_sql_logged($master_db,
|
||||
"delete from tables_priv where user = '$in{'olduser'}' ".
|
||||
"and host = '$in{'oldhost'}' and db = '$in{'olddb'}' ".
|
||||
"and table_name = '$in{'oldtable'}'");
|
||||
"delete from tables_priv where user = ? and host = ? ".
|
||||
"and db = ? and table_name = ?",
|
||||
$in{'olduser'}, $in{'oldhost'}, $in{'olddb'},
|
||||
$in{'oldtable'});
|
||||
}
|
||||
else {
|
||||
# Validate inputs
|
||||
|
||||
@@ -9,8 +9,8 @@ $access{'perms'} == 1 || &error($text{'perms_ecannot'});
|
||||
if ($in{'delete'}) {
|
||||
# Delete some user
|
||||
&execute_sql_logged($master_db,
|
||||
"delete from user where user = '$in{'olduser'}' ".
|
||||
"and host = '$in{'oldhost'}'");
|
||||
"delete from user where user = ? and host = ?",
|
||||
$in{'olduser'}, $in{'oldhost'});
|
||||
}
|
||||
else {
|
||||
# Validate inputs
|
||||
|
||||
@@ -10,9 +10,10 @@ if ($in{'save'} || !@d) {
|
||||
# Update edited
|
||||
$count = 0;
|
||||
foreach $v (keys %in) {
|
||||
if ($v =~ /^value_(\S+)$/) {
|
||||
if ($v =~ /^value_([A-Za-z0-9_]+)$/) {
|
||||
&execute_sql_logged($master_db,
|
||||
"set global $1 = '$in{$v}'");
|
||||
"set global $1 = ?",
|
||||
$in{$v});
|
||||
$first ||= $1;
|
||||
$count++;
|
||||
}
|
||||
|
||||
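Review bot: The variable name is still interpolated into `set global $1 = ?`, which is unavoidable because an identifier cannot be bound, so the `[A-Za-z0-9_]+` class in the new match is the only thing keeping that interpolation safe and deserves a comment saying so: `# Names cannot be bound as parameters; this character class is the injection guard, do not widen it`. `$1` is also read again in `$first ||= $1` after the call; copying it first, `my $name = $1;`, and using `$name` in both places keeps the two uses tied to this match. Keys that start with `value_` but fail the stricter class are now skipped without a message, which may be worth reporting to the user. The enclosing `foreach` ends outside the hunk.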