Hi all,
Following queries are used to assess whether the logged in user has super, create user and grant privileges respectively. See [1]
SELECT 1 FROM mysql.user LIMIT 1 SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1 SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE IS_GRANTABLE = 'YES' LIMIT 1
However, if I create a user with all global privileges except for 'GRANT', 'SUPER', and 'CREATE USER' privileges all the above queries return 1 since the queries does not check for the grantee column. Rows corresponding to root user make all these queries return 1.
This obviously looks a bug to me. I'm writing to make sure that I'm not missing out on something obvious.
[1] https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/DatabaseInter...