Merge pull request #19262 from kamil-tekiela/Fix-privileges

MauricioFauth · web-flow · commit 58654435597f · 2024-08-15T19:38:25.000-03:00
Fix privileges Fixes #19177
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -12062,7 +12062,7 @@ parameters:
 
 		-
 			message: "#^Cannot access offset string on mixed\\.$#"
-			count: 2
+			count: 1
 			path: src/Server/Privileges.php
 
 		-
@@ -12077,7 +12077,7 @@ parameters:
 
 		-
 			message: "#^Construct empty\\(\\) is not allowed\\. Use more strict comparison\\.$#"
-			count: 15
+			count: 14
 			path: src/Server/Privileges.php
 
 		-
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -10323,6 +10323,7 @@
       <code><![CDATA[$GLOBALS['pred_username']]]></code>
       <code><![CDATA[$extraData['db_wildcard_privs']]]></code>
       <code><![CDATA[$foundRows[]]]></code>
+      <code><![CDATA[$grantValue]]></code>
       <code><![CDATA[$host]]></code>
       <code><![CDATA[$hostnameLength]]></code>
       <code><![CDATA[$name]]></code>
@@ -10360,8 +10361,6 @@
       <code><![CDATA[mb_strrpos($exportUser, ';')]]></code>
     </PossiblyFalseOperand>
     <PossiblyInvalidArgument>
-      <code><![CDATA[$GLOBALS[$currentGrant[0]]]]></code>
-      <code><![CDATA[$GLOBALS[$currentGrant[0]]]]></code>
       <code><![CDATA[$_GET['username']]]></code>
       <code><![CDATA[$_POST['authentication_plugin']]]></code>
       <code><![CDATA[$_POST['authentication_plugin']]]></code>
@@ -10380,6 +10379,9 @@
       <code><![CDATA[$hashedPassword]]></code>
       <code><![CDATA[$oldUserGroup]]></code>
     </PossiblyInvalidArgument>
+    <PossiblyInvalidArrayOffset>
+      <code><![CDATA[$_POST[$currentGrant[0]]]]></code>
+    </PossiblyInvalidArrayOffset>
     <PossiblyInvalidCast>
       <code><![CDATA[$_GET['username']]]></code>
       <code><![CDATA[$_POST['authentication_plugin']]]></code>
@@ -10460,9 +10462,8 @@
       <code><![CDATA[$_POST['max_user_connections']]]></code>
     </RiskyCast>
     <RiskyTruthyFalsyComparison>
-      <code><![CDATA[empty($GLOBALS[$currentGrant[0] . '_none'])]]></code>
-      <code><![CDATA[empty($GLOBALS[$currentGrant[0] . '_none'])]]></code>
-      <code><![CDATA[empty($GLOBALS[$currentGrant[0]])]]></code>
+      <code><![CDATA[empty($_POST[$currentGrant[0] . '_none'])]]></code>
+      <code><![CDATA[empty($_POST[$currentGrant[0] . '_none'])]]></code>
       <code><![CDATA[empty($_POST['change_copy'])]]></code>
       <code><![CDATA[empty($_POST['nopass'])]]></code>
       <code><![CDATA[empty($_POST['pma_pw'])]]></code>
diff --git a/src/Server/Privileges.php b/src/Server/Privileges.php
@@ -217,20 +217,20 @@ public function extractPrivInfo(array|null $row = null, bool $enableHTML = false
         $privs = [];
         $allPrivileges = true;
         foreach ($grants as $currentGrant) {
-            if (
-                ($row === null || ! isset($row[$currentGrant[0]]))
-                && ($row !== null || ! isset($GLOBALS[$currentGrant[0]]))
-            ) {
+            if ($row !== null && isset($row[$currentGrant[0]])) {
+                $grantValue = $row[$currentGrant[0]];
+            } elseif ($row === null && isset($_POST[$currentGrant[0]])) {
+                $grantValue = $_POST[$currentGrant[0]];
+            } else {
                 continue;
             }
 
             if (
-                ($row !== null && $row[$currentGrant[0]] === 'Y')
+                ($grantValue === 'Y')
                 || ($row === null
-                && ($GLOBALS[$currentGrant[0]] === 'Y'
-                || (is_array($GLOBALS[$currentGrant[0]])
-                && count($GLOBALS[$currentGrant[0]]) == $_REQUEST['column_count']
-                && empty($GLOBALS[$currentGrant[0] . '_none']))))
+                && is_array($grantValue)
+                && count($grantValue) == $_REQUEST['column_count']
+                && empty($_POST[$currentGrant[0] . '_none']))
             ) {
                 if ($enableHTML) {
                     $privs[] = '<dfn title="' . $currentGrant[2] . '">'
@@ -239,14 +239,13 @@ public function extractPrivInfo(array|null $row = null, bool $enableHTML = false
                     $privs[] = $currentGrant[1];
                 }
             } elseif (
-                ! empty($GLOBALS[$currentGrant[0]])
-                && is_array($GLOBALS[$currentGrant[0]])
-                && empty($GLOBALS[$currentGrant[0] . '_none'])
+                is_array($grantValue) && $grantValue !== []
+                && empty($_POST[$currentGrant[0] . '_none'])
             ) {
                 // Required for proper escaping of ` (backtick) in a column name
                 $grantCols = array_map(
                     Util::backquote(...),
-                    $GLOBALS[$currentGrant[0]],
+                    $grantValue,
                 );
 
                 if ($enableHTML) {

Original file line number	Diff line number	Diff line change
`@@ -12062,7 +12062,7 @@ parameters:`
`12062`	`12062`
`12063`	`12063`	`-`
`12064`	`12064`	`message: "#^Cannot access offset string on mixed\\.$#"`
`12065`		`- count: 2`
	`12065`	`+ count: 1`
`12066`	`12066`	`path: src/Server/Privileges.php`
`12067`	`12067`
`12068`	`12068`	`-`
`@@ -12077,7 +12077,7 @@ parameters:`
`12077`	`12077`
`12078`	`12078`	`-`
`12079`	`12079`	`message: "#^Construct empty\\(\\) is not allowed\\. Use more strict comparison\\.$#"`
`12080`		`- count: 15`
	`12080`	`+ count: 14`
`12081`	`12081`	`path: src/Server/Privileges.php`
`12082`	`12082`
`12083`	`12083`	`-`