From 4d2cb4427cf615e1e6cf2d8e80f9361c0a143fdf Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 29 Dec 2011 06:03:01 -0500
Subject: [PATCH] - Changed default security level to high in server.ini.master

---
 server/plugins-available/mysql_clientdb_plugin.inc.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 48d8fcf..65c87d7 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -75,7 +75,7 @@
       if(trim($host_list) == '') $host_list = '%';
       
       // process arrays and comma separated strings
-      if(!is_array($host_list)) $host_list = split(',', $host_list);
+      if(!is_array($host_list)) $host_list = explode(',', $host_list);
       
       $success = true;
       
@@ -158,7 +158,7 @@
 				}
 				
 				$db_host = 'localhost';
-				mysql_query("GRANT ALL ON ".mysql_real_escape_string($data['new']['database_name'],$link).".* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
+				mysql_query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),mysql_real_escape_string($data['new']['database_name'],$link))."`.* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
 
 				
 			}
@@ -197,7 +197,7 @@
 				}
 				
 				$db_host = 'localhost';
-				mysql_query("GRANT ALL ON ".mysql_real_escape_string($data['new']['database_name'],$link).".* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
+				mysql_query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),mysql_real_escape_string($data['new']['database_name'],$link))."`.* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);
 				
 				// mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 				//echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
@@ -222,7 +222,7 @@
 				$db_host = 'localhost';
 				mysql_query("RENAME USER '".mysql_real_escape_string($data['old']['database_user'],$link)."'@'$db_host' TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host'",$link);
 				if($data['old']['remote_access'] == 'y') {
-          $this->process_host_list('RENAME', '', $data['new']['database_user'], '', $data['new']['remote_ips'], $link, $data['new']['database_user']);
+					$this->process_host_list('RENAME', '', $data['old']['database_user'], '', $data['new']['remote_ips'], $link, $data['new']['database_user']);
 				}
 				$app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'],LOGLEVEL_DEBUG);
 			}

--
Gitblit v1.9.1