Do not store plain text password to history in creating user

diff --git a/adminer/user.inc.php b/adminer/user.inc.php
index cdf4360c8dbbb3a22fd00ccdc7ca773724d8e833..39520bcb8086bb34a07276106ce00f9419a071ce 100644 (file)
--- a/adminer/user.inc.php
+++ b/adminer/user.inc.php
@@ -46,17 +46,24 @@ if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q
 
 if ($_POST && !$error) {
        $old_user = (isset($_GET["host"]) ? q($USER) . "@" . q($_GET["host"]) : "''");
-       $new_user = q($_POST["user"]) . "@" . q($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different
-       $pass = q($_POST["pass"]);
        if ($_POST["drop"]) {
                query_redirect("DROP USER $old_user", ME . "privileges=", lang('User has been dropped.'));
        } else {
+               $new_user = q($_POST["user"]) . "@" . q($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different
+               $pass = $_POST["pass"];
+               if (!$_POST["hashed"]) {
+                       // compute hash in a separate query so that plain text password is not saved to history
+                       $pass = $connection->result("SELECT PASSWORD(" . q($pass) . ")");
+                       $error = !$pass;
+               }
                $created = false;
-               if ($old_user != $new_user) {
-                       $created = queries(($connection->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " $new_user IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " $pass");
-                       $error = !$created;
-               } elseif ($_POST["pass"] != $old_pass || !$_POST["hashed"]) {
-                       queries("SET PASSWORD FOR $new_user = " . ($_POST["hashed"] ? $pass : "PASSWORD($pass)"));
+               if (!$error) {
+                       if ($old_user != $new_user) {
+                               $created = queries(($connection->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " $new_user IDENTIFIED BY PASSWORD " . q($pass));
+                               $error = !$created;
+                       } elseif ($pass != $old_pass) {
+                               queries("SET PASSWORD FOR $new_user = " . q($pass));
+                       }
                }
                if (!$error) {
                        $revoke = array();

diff --git a/changes.txt b/changes.txt
index f38cb2e17565022ebb32ef21c2408fa1dba5f8f0..4410a034a239ffca59dcecd7051d1ed64797dec8 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -2,8 +2,9 @@ Adminer 3.6.4-dev:
 Display pagination on a fixed position
 Increase default select limit to 50
 Display SQL edit form on Ctrl+click on the select query
-Display SQL history from oldest
+Display SQL history from newest
 Recover original view, trigger, routine if creating fails
+Do not store plain text password to history in creating user
 Selectable ON UPDATE CURRENT_TIMESTAMP field in create table
 Open database to a new window after selecting it with Ctrl
 Clear column name after resetting search (bug #3601200)