From f1f72ff9ddcfdeda9c05251ef410ff1dec238405 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 07 Jan 2013 10:17:09 -0500
Subject: [PATCH] Fixed: FS#2608 - Certain complex database passwords are not escaped properly (MySQL) - passwords are now enrypted already in tform (and remoting) and not stored in datalog clear text - clientdb plugin no longer encrypts password itself but receives crypted password
---
server/plugins-available/mysql_clientdb_plugin.inc.php | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 101b2cc..ce6bb5a 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -164,6 +164,7 @@
$host_list = '';
if($data['new']['remote_access'] == 'y') {
$host_list = $data['new']['remote_ips'];
+ if($host_list == '') $host_list = '%';
}
if($host_list != '') $host_list .= ',';
$host_list .= 'localhost';
@@ -208,6 +209,7 @@
$host_list = '';
if($data['new']['remote_access'] == 'y') {
$host_list = $data['new']['remote_ips'];
+ if($host_list == '') $host_list = '%';
}
if($host_list != '') $host_list .= ',';
$host_list .= 'localhost';
@@ -391,7 +393,7 @@
}
if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
- $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
+ $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
}
}
--
Gitblit v1.9.1