Do not store plain text password to history in creating user
parent
c270a06fb1
commit
0eadfc2b3f
|
@ -46,17 +46,24 @@ if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q
|
||||||
|
|
||||||
if ($_POST && !$error) {
|
if ($_POST && !$error) {
|
||||||
$old_user = (isset($_GET["host"]) ? q($USER) . "@" . q($_GET["host"]) : "''");
|
$old_user = (isset($_GET["host"]) ? q($USER) . "@" . q($_GET["host"]) : "''");
|
||||||
$new_user = q($_POST["user"]) . "@" . q($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different
|
|
||||||
$pass = q($_POST["pass"]);
|
|
||||||
if ($_POST["drop"]) {
|
if ($_POST["drop"]) {
|
||||||
query_redirect("DROP USER $old_user", ME . "privileges=", lang('User has been dropped.'));
|
query_redirect("DROP USER $old_user", ME . "privileges=", lang('User has been dropped.'));
|
||||||
} else {
|
} else {
|
||||||
|
$new_user = q($_POST["user"]) . "@" . q($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different
|
||||||
|
$pass = $_POST["pass"];
|
||||||
|
if (!$_POST["hashed"]) {
|
||||||
|
// compute hash in a separate query so that plain text password is not saved to history
|
||||||
|
$pass = $connection->result("SELECT PASSWORD(" . q($pass) . ")");
|
||||||
|
$error = !$pass;
|
||||||
|
}
|
||||||
$created = false;
|
$created = false;
|
||||||
if ($old_user != $new_user) {
|
if (!$error) {
|
||||||
$created = queries(($connection->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " $new_user IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " $pass");
|
if ($old_user != $new_user) {
|
||||||
$error = !$created;
|
$created = queries(($connection->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " $new_user IDENTIFIED BY PASSWORD " . q($pass));
|
||||||
} elseif ($_POST["pass"] != $old_pass || !$_POST["hashed"]) {
|
$error = !$created;
|
||||||
queries("SET PASSWORD FOR $new_user = " . ($_POST["hashed"] ? $pass : "PASSWORD($pass)"));
|
} elseif ($pass != $old_pass) {
|
||||||
|
queries("SET PASSWORD FOR $new_user = " . q($pass));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
$revoke = array();
|
$revoke = array();
|
||||||
|
|
|
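Review bot: The comment on the new `SELECT PASSWORD(...)` call promises more than the code delivers, because the plain text password is still sent to the server inside that statement. It stays out of Adminer's history (presumably because `$connection->result()` skips the logging that `queries()` does; neither helper is visible here), but server-side statement logging such as the general query log can still record it. I would word the comment as `// hash in a separate query: keeps the plain text out of Adminer's history, not out of server-side query logs`. Separately, `$error = !$pass;` treats an empty-string result like a failed query, and MySQL's PASSWORD('') returns an empty string, so an empty password now appears to fail with a bare boolean error where the old `IDENTIFIED BY ''` path went through. If that rejection is intended it deserves an explicit message, otherwise use `$error = ($pass === false);` (assuming result() returns false on failure); the enclosing `if ($_POST && !$error)` block continues past the end of the hunk.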
@ -2,8 +2,9 @@ Adminer 3.6.4-dev:
|
||||||
Display pagination on a fixed position
|
Display pagination on a fixed position
|
||||||
Increase default select limit to 50
|
Increase default select limit to 50
|
||||||
Display SQL edit form on Ctrl+click on the select query
|
Display SQL edit form on Ctrl+click on the select query
|
||||||
Display SQL history from oldest
|
Display SQL history from newest
|
||||||
Recover original view, trigger, routine if creating fails
|
Recover original view, trigger, routine if creating fails
|
||||||
|
Do not store plain text password to history in creating user
|
||||||
Selectable ON UPDATE CURRENT_TIMESTAMP field in create table
|
Selectable ON UPDATE CURRENT_TIMESTAMP field in create table
|
||||||
Open database to a new window after selecting it with Ctrl
|
Open database to a new window after selecting it with Ctrl
|
||||||
Clear column name after resetting search (bug #3601200)
|
Clear column name after resetting search (bug #3601200)
|
||||||
|
|