
Commit 6733652

committed
Fixed several bugs in client db plugin.
1 parent da32e89 commit 6733652


2 files changed

+29
-16
lines changed


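--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -168,7 +168,7 @@ function quote($formfield)
 return addslashes($formfield);
 }
 
-return mysql_real_escape_string($formfield);
+return mysql_real_escape_string($formfield, $this->linkId);
 }
 
 // Check der variablen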
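Review bot: `quote()` now has two escaping paths that behave differently: the added line escapes against `$this->linkId`, while the branch visible just above it still returns `addslashes($formfield)`, which ignores the connection character set. If `$this->linkId` is not a live connection when the new line runs, `mysql_real_escape_string()` returns false and the caller would build its query from an empty value; the condition guarding the two paths is outside the hunk, so this may already be covered. I would add a comment above the new line such as `// escape against this object's own link so the connection charset is honoured; addslashes() above is only a fallback and is not charset-safe`.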

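--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -71,7 +71,7 @@ function db_insert($event_name,$data) {
 global $app, $conf;
 
 if($data["new"]["type"] == 'mysql') {
-if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
 $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
 return;
 }
@@ -102,12 +102,14 @@ function db_insert($event_name,$data) {
 
 if($data["new"]["remote_access"] == 'y') {
 $db_host = '%';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+$db_host = 'localhost';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 } else {
 $db_host = 'localhost';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 }
 
-mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link);
-//echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
 }
 
 mysql_query("FLUSH PRIVILEGES;",$link);
@@ -119,7 +121,7 @@ function db_update($event_name,$data) {
 global $app, $conf;
 
 if($data["new"]["type"] == 'mysql') {
-if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
 $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
 return;
 }
@@ -136,11 +138,15 @@ function db_update($event_name,$data) {
 
 if($data["new"]["remote_access"] == 'y') {
 $db_host = '%';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+$db_host = 'localhost';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 } else {
 $db_host = 'localhost';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 }
 
-mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link);
+// mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
 }
 
@@ -153,23 +159,30 @@ function db_update($event_name,$data) {
 $db_host = 'localhost';
 }
 
-mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"]).".* FROM '".mysql_real_escape_string($data["new"]["database_user"])."';",$link);
+mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
 }
 
 //* Rename User
 if($data["new"]["database_user"] != $data["old"]["database_user"]) {
-mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"])."' TO '".mysql_real_escape_string($data["new"]["database_user"])."'",$link);
+mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."' TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'",$link);
 $app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
 }
 
 //* Remote access option has changed.
 if($data["new"]["remote_access"] != $data["old"]["remote_access"]) {
+
+//* revoke old priveliges
+mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
+
+//* set new priveliges
 if($data["new"]["remote_access"] == 'y') {
-mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link);
-mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link);
+$db_host = '%';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+$db_host = 'localhost';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 } else {
-mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link);
-mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link);
+$db_host = 'localhost';
+mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 }
 $app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
 }
@@ -190,7 +203,7 @@ function db_update($event_name,$data) {
 
 //* Change password
 if($data["new"]["database_password"] != $data["old"]["database_password"]) {
-mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"])."');",$link);
+mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"],$link)."');",$link);
 $app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
 }
 
@@ -204,7 +217,7 @@ function db_delete($event_name,$data) {
 global $app, $conf;
 
 if($data["old"]["type"] == 'mysql') {
-if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
 $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
 return;
 }
@@ -223,13 +236,13 @@ function db_delete($event_name,$data) {
 $db_host = 'localhost';
 }
 
-if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"])."'@'$db_host';",$link)) {
+if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link)) {
 $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
 } else {
 $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR);
 }
 
-if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"]),$link)) {
+if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"],$link),$link)) {
 $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
 } else {
 $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR);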
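Review bot: The REVOKE added at new line 175 (and the one at 162) names the user without a host, which MySQL reads as `'user'@'%'`, while the new remote-access branches now create grants for both `'%'` and `'localhost'`; the later `SET PASSWORD` and `DROP USER` statements still act on a single `$db_host`. After remote access is switched off, or after a password change or delete, the second account can therefore be left behind with its old password or privileges; this is presumably not intended, though the code that sets `$db_host` for those statements is outside the hunks. I would name the host explicitly in each statement, e.g. `... FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'%';`, repeat SET PASSWORD and DROP USER for both hosts when remote access is on, and log `mysql_error($link)` when a GRANT or REVOKE fails, as db_delete already does for its DROP statements. Separately, `database_name` is escaped as a string but placed in the statement as an unquoted identifier, so it should be validated against an allowed character pattern before it reaches GRANT or DROP DATABASE.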
