From 7d0b8e6520a246bd20204613233a0a6ad0f19437 Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Mon, 1 Aug 2016 18:15:17 +1200
Subject: [PATCH] BUG Fix permission checking code not correctly handling escaped SQL identifiers

Fixes https://github.com/silverstripe/silverstripe-installer/issues/96
---
 dev/install/MySQLDatabaseConfigurationHelper.php | 4 +++-
 tests/dev/MySQLDatabaseConfigurationHelperTest.php | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/dev/install/MySQLDatabaseConfigurationHelper.php b/dev/install/MySQLDatabaseConfigurationHelper.php
index 91bc19141..5907eb4bb 100644
--- a/dev/install/MySQLDatabaseConfigurationHelper.php
+++ b/dev/install/MySQLDatabaseConfigurationHelper.php
@@ -172,8 +172,10 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
 if(!$this->checkValidDatabaseName($database)) return false;
 
 // Escape all valid database patterns (permission must exist on all tables)
+ $sqlDatabase = addcslashes($database, '_%'); // See http://dev.mysql.com/doc/refman/5.7/en/string-literals.html
 $dbPattern = sprintf(
- '((%s)|(%s)|(%s))',
+ '((%s)|(%s)|(%s)|(%s))',
+ preg_quote("\"$sqlDatabase\".*"), // Regexp escape sql-escaped db identifier
 preg_quote("\"$database\".*"),
 preg_quote('"%".*'),
 preg_quote('*.*')
diff --git a/tests/dev/MySQLDatabaseConfigurationHelperTest.php b/tests/dev/MySQLDatabaseConfigurationHelperTest.php
index 0b3a46d54..ddbc8e72d 100644
--- a/tests/dev/MySQLDatabaseConfigurationHelperTest.php
+++ b/tests/dev/MySQLDatabaseConfigurationHelperTest.php
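Review bot: The new alternative only recognises the escaped identifier in the double-quoted form `\"database\_name\".*`, like the existing alternatives, whereas MySQL's SHOW GRANTS output quotes identifiers with backticks unless ANSI_QUOTES is enabled; if the grant text reaches this method as the server emits it (the earlier lines of the method are outside the hunk, so the caller may normalise quoting), a grant on `` `database\_name`.* `` would still be rejected. If no normalisation happens, further alternatives built from `` preg_quote("`$sqlDatabase`.*") `` and the unescaped backtick form would close that gap. It is also worth a comment on why both the escaped and the unescaped spelling are accepted, e.g. `// Unescaped _ and % are LIKE wildcards in GRANT database names, so either spelling covers this database`. The body of checkDatabasePermissionGrant starts and ends outside the hunk.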
@@ -74,6 +74,14 @@ class MySQLDatabaseConfigurationHelperTest extends SapphireTest {
 . " WITH GRANT OPTION"
 ));
 
+ // Accept create on this database only
+ $this->assertNotEmpty($helper->checkDatabasePermissionGrant(
+ 'database_name',
+ 'create',
+ "GRANT ALL PRIVILEGES, CREATE ON \"database\\_name\".* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'XXXX'"
+ . " WITH GRANT OPTION"
+ ));
+
 // Accept create on any database (alternate wildcard syntax)
 $this->assertNotEmpty($helper->checkDatabasePermissionGrant(
 'database_name',
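Review bot: The added assertion only checks that the escaped grant is accepted; nothing in this hunk shows that the escaped form is still matched exactly, so a sibling negative assertion for a grant on a different escaped name (for example `\"other\\_name\".*` in place of `\"database\\_name\".*`, expected to be rejected) would pin the fix down against over-broad matching. The grant text here uses double-quoted identifiers, which is what the helper's pattern expects, but SHOW GRANTS emits backtick-quoted identifiers by default, so a case in that form would show whether the helper handles what the server actually returns. The surrounding test method starts and ends outside the hunk.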