From: William Desportes <williamdes@wdes.fr>
Date: Sat, 11 Jan 2020 23:27:29 +0100
Subject: Patch for PMASA-2020-1, CVE-2020-5504

Fix CVE-2020-5504

Author: William Desportes <williamdes@wdes.fr>
Origin: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
---
 libraries/server_privileges.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php
index 48acff0..5ea083b 100644
--- a/libraries/server_privileges.lib.php
+++ b/libraries/server_privileges.lib.php
@@ -3144,7 +3144,7 @@ function PMA_getExtraDataForAjaxBehavior(
 
     if (isset($_REQUEST['validate_username'])) {
         $sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
-            . $_REQUEST['username'] . "';";
+            . $GLOBALS['dbi']->escapeString($_REQUEST['username']) . "';";
         $res = $GLOBALS['dbi']->query($sql_query);
         $row = $GLOBALS['dbi']->fetchRow($res);
         if (empty($row)) {
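Review bot: The new `escapeString()` call still reads `$_REQUEST['username']` without checking that the parameter is present and is a string, so a request that sets `validate_username` but omits `username`, or sends it as an array, passes a non-string value into the escaping call and the query. I would tighten the guard to `if (isset($_REQUEST['validate_username'], $_REQUEST['username']) && is_string($_REQUEST['username'])) {`, provided the part of `PMA_getExtraDataForAjaxBehavior` outside this hunk does not rely on the branch being entered without a username. Escaping closes the quoting problem only while the value stays inside the single-quoted literal on this line, so a short comment saying so would help, for example `// username is request input: must stay escaped and inside the quoted literal`. Separately, `SELECT *` on `mysql`.`user` fetches every column, credential fields included, where the visible code only tests `empty($row)`; selecting just `User` looks sufficient, if nothing later in the function reads other columns.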
