From 7220b324f5a073cb8ea4c8cf72a67248ce074c57 Mon Sep 17 00:00:00 2001
From: Alan Garcia
Date: Wed, 30 Oct 2013 10:14:49 +0000
Subject: [PATCH] =?UTF-8?q?Mysql:=20=20-=20ne=20donne=20plus=20les=20droit?= =?UTF-8?q?s=20FILE=20mais=20USAGE=20par=20default=20=20-=20corrige=20un?= =?UTF-8?q?=20bug=20de=20cr=C3=A9ation=20d'utilisateurs=20MySQL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bureau/class/m_mysql.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php
index 93ab6c6a..afd0f918 100644
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@@ -484,7 +484,10 @@ class m_mysql {
 return false;
 }
- $grant="grant ".$rights." on `".$base."`.".$table." to '".$user."'@'".$this->dbus->Client."'" ;
+ # Protect database name if not wildcard
+ if ($base != '*' ) $base = "`".$base."`" ;
+
+ $grant="grant ".$rights." on ".$base.".".$table." to '".$user."'@'".$this->dbus->Client."'" ;
 if($pass){
 $grant .= " identified by '".$pass."';";
@@ -741,8 +744,8 @@ class m_mysql {
 // We add him to the user table
 $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES($cuid,'$user','$password','ACTIVATED');");
- // We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile)
- $this->grant("'*'",$user,"FILE",$pass);
+
+ $this->grant("*",$user,"USAGE",$pass);
 return true;
 }
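Review bot: The added `if ($base != '*' )` line wraps `$base` in backticks without doubling any backtick already inside it, so the quoting protects the identifier only if the checks earlier in grant() already restrict database names. Those checks start outside the hunk, so this cannot be confirmed from here. I would make the test strict with `!==` and pass the name through `str_replace("`", "``", $base)` before wrapping it. Because a bare `*` now widens the statement to every database, a comment saying that only internal callers may pass the wildcard would help. `$rights`, `$user` and `$pass` are still concatenated unescaped into `$grant`, which deserves the same treatment.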
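Review bot: The result of `$this->grant("*",$user,"USAGE",$pass)` is discarded and the function returns true regardless, although grant() has a `return false` path visible in the first hunk. A failed GRANT would therefore leave the `dbusers` row inserted just above without a matching MySQL account. I would write `if (!$this->grant("*",$user,"USAGE",$pass)) return false;` and ideally undo the insert on that path. The old explanatory comment is replaced by an empty line; a short one such as `// Create the account with USAGE only: no global privilege such as FILE` would record the least-privilege intent. The enclosing function starts outside the hunk.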