From 9bce571836ef6f8da86f47d18fdd1952e2e914a3 Mon Sep 17 00:00:00 2001
From: Jesse Norell
Date: Thu, 17 Sep 2020 11:38:51 -0600
Subject: [PATCH 1/2] fix database name escaping
---
 server/plugins-available/mysql_clientdb_plugin.inc.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index f28e6006ce..f39499f359 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -137,7 +137,7 @@ class mysql_clientdb_plugin {
 if($user_access_mode == 'r') $grants = 'SELECT';
 elseif($user_access_mode == 'rd') $grants = 'SELECT, DELETE, ALTER, DROP';
- $database_name = str_replace('_', '\\_', $link->escape_string($database_name));
+ $database_name = str_replace('_', '\_', $link->escape_string($database_name));
 if($action == 'GRANT') {
 if($user_access_mode == 'r' || $user_access_mode == 'rd') {
@@ -168,8 +168,8 @@ class mysql_clientdb_plugin {
 }
 // Set the grant
- if(!$link->query("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host'")) $success = false;
- $app->log("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
+ if(!$link->query("GRANT " . $grants . " ON `".$database_name."`.* TO '".$link->escape_string($database_user)."'@'$db_host'")) $success = false;
+ $app->log("GRANT " . $grants . " ON `".$database_name."`.* TO '".$link->escape_string($database_user)."'@'$db_host' success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
 } elseif($action == 'REVOKE') {
 if(!$link->query("REVOKE ALL PRIVILEGES ON `".$database_name."`.* FROM '".$link->escape_string($database_user)."'@'$db_host'")) $success = false;
--
GitLab
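Review bot: In the rewritten GRANT query and its log line, `$database_name` sits between backticks after only `escape_string()` and the `_` replacement from the first hunk, and neither of those neutralises a backtick character or the `%` wildcard that a database-level GRANT also matches on. If the name is not restricted to a safe character set before this point (not visible here), it should be rejected up front. A comment such as `// $database_name is already escaped above; a second escape_string() would double the backslash in front of _` would keep the double escaping from being reintroduced. `'$db_host'` is still interpolated as-is in both statements; unless it is escaped earlier in the function, `$link->escape_string($db_host)` would match how `$database_user` is handled. The enclosing function starts and ends outside the hunk.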
From 57f864f0d93f99d6731274be312f7f72bee2a7c7 Mon Sep 17 00:00:00 2001
From: Marius Burkard
Date: Fri, 18 Sep 2020 13:52:56 +0200
Subject: [PATCH 2/2] Apply 1 suggestion(s) to 1 file(s)
---
 server/plugins-available/mysql_clientdb_plugin.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index f39499f359..726efe5118 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -137,7 +137,7 @@ class mysql_clientdb_plugin {
 if($user_access_mode == 'r') $grants = 'SELECT';
 elseif($user_access_mode == 'rd') $grants = 'SELECT, DELETE, ALTER, DROP';
- $database_name = str_replace('_', '\_', $link->escape_string($database_name));
+ $database_name = str_replace('_', '\\_', $link->escape_string($database_name));
 if($action == 'GRANT') {
 if($user_access_mode == 'r' || $user_access_mode == 'rd') {
--
GitLab