From 93ce8ffd0f2a1d6e68b4d7e2876149a77f6aaece Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@sonntag.fr>
Date: Mon, 23 May 2016 16:37:32 +0200
Subject: [PATCH] htmlentities in sql_getparams + check if db not found

---
 bureau/admin/sql_getparam.php | 12 ++++++++----
 bureau/class/m_mysql.php      | 13 ++++++++++---
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/bureau/admin/sql_getparam.php b/bureau/admin/sql_getparam.php
index 4da70015..7d9fda0b 100644
--- a/bureau/admin/sql_getparam.php
+++ b/bureau/admin/sql_getparam.php
@@ -38,7 +38,10 @@ if (!$r=$mysql->get_dblist()) {
 	$error=$err->errstr();
 }
 
-
+$r=$mysql->get_defaultsparam($dbname);
+if (!$r) {
+	$error=$err->errstr();
+}
 
 ?>
 <h3><?php __("MySQL Databases"); ?></h3>
@@ -47,8 +50,9 @@ if (!$r=$mysql->get_dblist()) {
 <?php
 	if (isset($error) && $error) {
 		echo "<p class=\"alert alert-danger\">$error</p><p>&nbsp;</p>";
-	}
-$r=$mysql->get_defaultsparam($dbname);
+        include_once("foot.php"); 
+        exit();
+    }
 ?>
 <p><?php __("Your current connection settings are"); ?> : </p>
 <table class="tedit">
@@ -61,7 +65,7 @@ $r=$mysql->get_defaultsparam($dbname);
 	</tr>
 	<tr>
 		<th><?php __("Database"); ?></th>
-		<td><code><?php echo $dbname; ?></code></td>
+<td><code><?php ehe($dbname); ?></code></td>
 	</tr>
 <?php
 if(isset($r['user'])){
diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php
index d4c68591..265e363c 100644
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@@ -589,7 +589,8 @@ class m_mysql {
         $this->dbus->query("Select * from mysql.db where Db= ? and User!= ? ;", array($dbn, $cuid."_myadm"));
 
         if (!$db->num_rows()) {
-            return $r;
+            $err->raise("mysql",_("Database not found"));
+            return false;
         }
         while ($db->next_record()) {
             $variable = $db->Record;
@@ -652,12 +653,18 @@ class m_mysql {
                 }
             }
         } //endwhile
+        if (!count($r)) {
+            $err->raise("mysql",_("Database not found"));
+            return false;
+        }
         if (!$db->query("SELECT name,password from dbusers where name= ? ;", array($dbu))) {
-            return $r;
+            $err->raise("mysql",_("Database not found"));
+            return false;
         }
 
         if (!$db->num_rows()) {
-            return $r;
+            $err->raise("mysql",_("Database not found"));
+            return false;
         }
         $db->next_record();
         $r['user'] = $db->f('name');