From 671bf5bff1024a6574089dcbbaa1724c622bf508 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur <eldy@users.sourceforge.net> Date: Mon, 22 Feb 2010 19:16:03 +0000 Subject: [PATCH] =?UTF-8?q?Fix:=20bug=20#28895=20:=20Cr=E9ation=20d'utilis?= =?UTF-8?q?ateur=20impossible.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ChangeLog | 1 + htdocs/lib/databases/mysql.lib.php | 4 ++-- htdocs/lib/databases/mysqli.lib.php | 4 ++-- htdocs/lib/databases/pgsql.lib.php | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 87eca13ebe4..8fe1e968571 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,7 @@ For users: - Fix: Running sending-email.php - Fix: Warning should not appears for invoice closed - Fix: Import for companies works even with prefix empty. +- Fix: bug #28895 : Création d'utilisateur impossible. For developers: - Qual: Reorganize /dev directory. diff --git a/htdocs/lib/databases/mysql.lib.php b/htdocs/lib/databases/mysql.lib.php index c80d5f17361..01e738f1d10 100644 --- a/htdocs/lib/databases/mysql.lib.php +++ b/htdocs/lib/databases/mysql.lib.php @@ -999,7 +999,7 @@ class DoliDb { $sql = "INSERT INTO user "; $sql.= "(Host,User,password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Index_Priv,Alter_priv,Lock_tables_priv)"; - $sql.= " VALUES ('$dolibarr_main_db_host','$dolibarr_main_db_user',password('$dolibarr_main_db_pass')"; + $sql.= " VALUES ('".addslashes($dolibarr_main_db_host)."','".addslashes($dolibarr_main_db_user)."',password('".addslashes($dolibarr_main_db_pass)."')"; $sql.= ",'Y','Y','Y','Y','Y','Y','Y','Y','Y')"; dol_syslog("mysql.lib::DDLCreateUser", LOG_DEBUG); // No sql to avoid password in log @@ -1012,7 +1012,7 @@ class DoliDb $sql = "INSERT INTO db "; $sql.= "(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Index_Priv,Alter_priv,Lock_tables_priv)"; - $sql.= " VALUES ('$dolibarr_main_db_host','$dolibarr_main_db_name','$dolibarr_main_db_user'"; + $sql.= " VALUES ('".addslashes($dolibarr_main_db_host)."','".addslashes($dolibarr_main_db_name)."','".addslashes($dolibarr_main_db_user)."'"; $sql.= ",'Y','Y','Y','Y','Y','Y','Y','Y','Y')"; dol_syslog("mysql.lib::DDLCreateUser sql=".$sql,LOG_DEBUG); diff --git a/htdocs/lib/databases/mysqli.lib.php b/htdocs/lib/databases/mysqli.lib.php index 773d5d88498..58f28fc6dc4 100644 --- a/htdocs/lib/databases/mysqli.lib.php +++ b/htdocs/lib/databases/mysqli.lib.php @@ -1011,7 +1011,7 @@ class DoliDb { $sql = "INSERT INTO user "; $sql.= "(Host,User,password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Index_Priv,Alter_priv,Lock_tables_priv)"; - $sql.= " VALUES ('$dolibarr_main_db_host','$dolibarr_main_db_user',password('$dolibarr_main_db_pass')"; + $sql.= " VALUES ('".addslashes($dolibarr_main_db_host)."','".addslashes($dolibarr_main_db_user)."',password('".addslashes($dolibarr_main_db_pass)."')"; $sql.= ",'Y','Y','Y','Y','Y','Y','Y','Y','Y')"; dol_syslog("mysqli.lib::DDLCreateUser", LOG_DEBUG); // No sql to avoid password in log @@ -1024,7 +1024,7 @@ class DoliDb $sql = "INSERT INTO db "; $sql.= "(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Index_Priv,Alter_priv,Lock_tables_priv)"; - $sql.= " VALUES ('$dolibarr_main_db_host','$dolibarr_main_db_name','$dolibarr_main_db_user'"; + $sql.= " VALUES ('".addslashes($dolibarr_main_db_host)."','".addslashes($dolibarr_main_db_name)."','".addslashes($dolibarr_main_db_user)."'"; $sql.= ",'Y','Y','Y','Y','Y','Y','Y','Y','Y')"; dol_syslog("mysqli.lib::DDLCreateUser sql=".$sql); diff --git a/htdocs/lib/databases/pgsql.lib.php b/htdocs/lib/databases/pgsql.lib.php index 92eeb008d5c..3f54edfc021 100644 --- a/htdocs/lib/databases/pgsql.lib.php +++ b/htdocs/lib/databases/pgsql.lib.php @@ -915,7 +915,7 @@ class DoliDb */ function DDLCreateUser($dolibarr_main_db_host,$dolibarr_main_db_user,$dolibarr_main_db_pass,$dolibarr_main_db_name) { - $sql = "create user \"".$dolibarr_main_db_user."\" with password '".$dolibarr_main_db_pass."'"; + $sql = "create user \"".addslashes($dolibarr_main_db_user)."\" with password '".addslashes($dolibarr_main_db_pass)."'"; dol_syslog("pgsql.lib::DDLCreateUser", LOG_DEBUG); // No sql to avoid password in log $resql=$this->query($sql); -- GitLab