Avoid privilege for setting the for MariaDB/MySQL, fixes #919

This commit is contained in:
El RIDO 2022-04-19 18:44:00 +02:00
parent a15b395eaf
commit 0e2ec27033
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
2 changed files with 3 additions and 1 deletions

View file

@ -1,5 +1,7 @@
# PrivateBin version history # PrivateBin version history
* **1.4.1 (not yet released)**
* CHANGED: Avoid `SUPER` privilege for setting the `sql_mode` for MariaDB/MySQL (#919)
* **1.4 (2022-04-09)** * **1.4 (2022-04-09)**
* ADDED: Translations for Corsican, Estonian, Finnish and Lojban * ADDED: Translations for Corsican, Estonian, Finnish and Lojban
* ADDED: new HTTP headers improving security (#765) * ADDED: new HTTP headers improving security (#765)

View file

@ -100,7 +100,7 @@ class Database extends AbstractData
// MySQL uses backticks to quote identifiers by default, // MySQL uses backticks to quote identifiers by default,
// tell it to expect ANSI SQL double quotes // tell it to expect ANSI SQL double quotes
if (self::$_type === 'mysql' && defined('PDO::MYSQL_ATTR_INIT_COMMAND')) { if (self::$_type === 'mysql' && defined('PDO::MYSQL_ATTR_INIT_COMMAND')) {
$options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET sql_mode='ANSI_QUOTES'"; $options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET SESSION sql_mode='ANSI_QUOTES'";
} }
$tableQuery = self::_getTableQuery(self::$_type); $tableQuery = self::_getTableQuery(self::$_type);
self::$_db = new PDO( self::$_db = new PDO(