From bafb4e38086d653265ef6c84b7fdd9e0fd90e434 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Mon, 28 Dec 2015 16:41:08 -0800
Subject: [PATCH] Use proper SQL params for column privs

---
 mysql/edit_cpriv.cgi | 7 ++++++-
 mysql/save_cpriv.cgi | 36 +++++++++++++++++++-----------------
 2 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/mysql/edit_cpriv.cgi b/mysql/edit_cpriv.cgi
index c7e11269e..9930c5af7 100755
--- a/mysql/edit_cpriv.cgi
+++ b/mysql/edit_cpriv.cgi
@@ -30,7 +30,12 @@ else {
 print &ui_form_start("save_cpriv.cgi");
 if ($in{'table'}) {
- print &ui_hidden("table", $in{'table'});
+ if (defined($in{'db'})) {
+ print &ui_hidden("table", $in{'db'}.".".$in{'table'});
+ }
+ else {
+ print &ui_hidden("table", $in{'table'});
+ }
 }
 else {
 print &ui_hidden("oldhost", $u->[0]);
diff --git a/mysql/save_cpriv.cgi b/mysql/save_cpriv.cgi
index 4487de678..781ee446e 100755
--- a/mysql/save_cpriv.cgi
+++ b/mysql/save_cpriv.cgi
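Review bot: The new `defined($in{'db'})` test inside the `if ($in{'table'})` branch accepts an empty `db` parameter as a database name, so a request carrying `db=` with no value would post the hidden `table` field as `.tablename`; save_cpriv.cgi then splits that into an empty database and runs its `&can_edit_db` authorization check against the empty string, which may not be what that check expects. Testing for a non-empty value matches the intent better: `if ($in{'db'} ne '') {`. The two added branches also differ only in the value handed to `&ui_hidden`, so one line, `print &ui_hidden("table", $in{'db'} ne '' ? $in{'db'}.".".$in{'table'} : $in{'table'});`, would replace all six. The enclosing `else` block opens above the hunk.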
@@ -31,29 +31,31 @@ else {
 ($d, $t) = split(/\./, $in{'table'});
 $access{'perms'} == 1 || &can_edit_db($d) ||
 &error($text{'perms_edb'});
- $sql = sprintf "insert into columns_priv values ('%s', '%s', ".
- "'%s', '%s', '%s', NULL, '%s')",
- $in{'host_def'} ? '%' : $in{'host'}, $d,
- $in{'user_def'} ? '' : $in{'user'},
- $t, $in{'field'}, $in{'perms'};
+ $sql = "insert into columns_priv (host, db, user, ".
+ "table_name, column_name, column_priv) ".
+ "values (?, ?, ?, ?, ?, ?)";
+ &execute_sql_logged($master_db, $sql,
+ $in{'host_def'} ? '%' : $in{'host'},
+ $d,
+ $in{'user_def'} ? '' : $in{'user'},
+ $t, $in{'field'}, $in{'perms'});
 }
 else {
 # Update existing column permissions
 $access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
 &error($text{'perms_edb'});
- $sql = sprintf "update columns_priv set host = '%s', ".
- "user = '%s', column_name = '%s', ".
- "column_priv = '%s' where host = '%s' ".
- "and db = '%s' and user = '%s' ".
- "and table_name = '%s' and column_name = '%s'",
- $in{'host_def'} ? '%' : $in{'host'},
- $in{'user_def'} ? '' : $in{'user'},
- $in{'field'}, $in{'perms'},
- $in{'oldhost'}, $in{'olddb'},
- $in{'olduser'}, $in{'oldtable'},
- $in{'oldfield'};
+ $sql = "update columns_priv set host = ?, user = ?, ".
+ "column_name = ?, column_priv = ? where host = ? ".
+ "and db = ? and user = ? and table_name = ? and ".
+ "column_name = ?";
+ &execute_sql_logged($master_db, $sql,
+ $in{'host_def'} ? '%' : $in{'host'},
+ $in{'user_def'} ? '' : $in{'user'},
+ $in{'field'}, $in{'perms'},
+ $in{'oldhost'}, $in{'olddb'},
+ $in{'olduser'}, $in{'oldtable'},
+ $in{'oldfield'});
 }
- &execute_sql_logged($master_db, $sql);
 }
 &execute_sql_logged($master_db, 'flush privileges');
 if ($in{'delete'}) {
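Review bot: The insert branch still derives `$d` and `$t` from the unchecked `split(/\./, $in{'table'})` on the first context line, so a `table` value with no dot leaves `$t` undefined, sends the table name through `&can_edit_db($d)` as if it were a database, and binds undef as `table_name` in the new parameterised insert; a `split(/\./, $in{'table'}, 2)` followed by `$t ne '' || &error("Missing table name");` before the authorization check would close that gap. This assumes `&execute_sql_logged` forwards its trailing arguments as bind values for the `?` placeholders — its definition is not in this diff, so confirm it does not discard them, since the old form passed only `$master_db` and `$sql`. The `$in{'host_def'} ? '%' : $in{'host'}` and `$in{'user_def'} ? '' : $in{'user'}` expressions are now repeated in both branches and could be computed once into `$host` and `$user` above the `if`. The `if` whose `else` appears here opens above the hunk.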