Sebastian Mendel a écrit :
from the code and the documentation i collected this information about how and what phpMyAdmin tries to get the db list:
- first it tries SHOW DATABASE for the current user
- if this fails it tries it with controluser and checks against
privilege tables
The logic you are mentioning (try with the controluser) is located in PMA_safe_db_list() and AFAIK is only called if only_db is defined. Of course this is not correct. I wrote last week that I was not seeing PMA_safe_db_list() executed, this is the reason.
I think that in some older version, this logic was called in more occasions: the fallback with the controluser was used in more cases.
but the documentation says only that the controlusers requires access to various `mysql`-tables - not that he also requires SHOW DATABASES privileges - without this a user with global select privileges will not see any database - or wildcards cannot expanded to real db names
if this both fails the dblist stays empty
phpMyAdmin drops all db's not in cfg[only_db]
phpMyAdmin drops db's in cfg[hide_db]
phpMyAdmin tries every db with USE DATABASE (for specific MySQL version)
Questions:
"Note: starting with phpMyAdmin 2.6.1, this section is only applicable if your MySQL server is older than 4.1.2, or is running with --skip-show-database."
Why "is older than 4.1.2"?
thinks i want to change:
- if SHOW DATABASE fails try INFORMATION_SCHEMA
- merge PMA_safe_db_list(), PMA_availableDatabases(),
PMA_DBI_get_dblist() into a single function
- if the dblist is still empty check `mysql` and `INFORMATION_SCHEMA`
with USE DATABASE and add them to the list
please correct me if i missed something and feel free to comment