escaped _ in mysqlquery, as its a query wildcard. this fixes errors where users with usernames matching start of other usernames getting to much access.

2003-04-03 22:30:45 +00:00
parent 1eff58dd1b
commit c32cea67da
2 changed files with 12 additions and 5 deletions
--- a/mysql-dbadm.c
+++ b/mysql-dbadm.c
@@ -1,5 +1,5 @@
 /*
- * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.7 2002-06-05 08:01:31 tlan Exp $
+ * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.8 2003-04-03 22:30:40 lkarsten Exp $
 *
 * mysql-dbadm.c
 *
@@ -143,8 +143,11 @@ list(MYSQL *pmysql)
 	break;

    wild = malloc(strlen(*cp)+3);
-    sprintf(wild, "%s_%%", *cp);
+    sprintf(wild, "%s\_%%", *cp);

+#ifdef DEBUG
+    printf("dbadm: wildcard: %s\n", wild);
+#endif
    res = mysql_list_dbs(pmysql, wild);
    rows = mysql_num_rows(res);