Fix to unquote database name in view

https://github.com/virtualmin/virtualmin-gpl/issues/723#issuecomment-2262824643
2026-05-16 03:40:26 +01:00 · 2024-08-01 20:29:40 +03:00
parent 8236fb2fd8
commit ae34d0ef86
2 changed files with 12 additions and 2 deletions
--- a/mysql/list_dbs.cgi
+++ b/mysql/list_dbs.cgi
@@ -27,8 +27,9 @@ if (@{$d->{'data'}}) {
 		next if ($access{'perms'} == 2 && !&can_edit_db($u->[1]));
 		local @cols;
 		push(@cols, "<a href='edit_db.cgi?idx=$i'>".
-			($u->[1] eq '%' || $u->[1] eq '' ? $text{'dbs_any'}
-					: &html_escape($u->[1]))."</a>");
+			($u->[1] eq '%' || $u->[1] eq '' ? $text{'dbs_any'} :
+				&html_escape(&unquote_mysql_database(
+						$u->[1])))."</a>");
 		push(@cols, $u->[2] eq '' ? $text{'dbs_anon'}
 					    : &html_escape($u->[2]));
 		push(@cols, $u->[0] eq '%' ? $text{'dbs_any'} :
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -675,6 +675,15 @@ $db =~ s/%/\\%/g;
 return $db;
 }

+# unquote_mysql_database(name)
+# Returns a MySQL database name with \% and \_ characters unescaped
+sub unquote_mysql_database {
+    my ($db) = @_;
+    $db =~ s/\\%/%/g;
+    $db =~ s/\\_/_/g;
+    return $db;
+}
+
 # escapestr(string)
 # Returns a string with quotes escaped, for use in SQL
 sub escapestr