From 0e2ec27033aeaf6b034b2292d9d41ed19f7b9c82 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Tue, 19 Apr 2022 18:44:00 +0200
Subject: [PATCH] Avoid privilege for setting the for MariaDB/MySQL, fixes #919
---
CHANGELOG.md | 2 ++
lib/Data/Database.php | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9526c7df..dd9263bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # PrivateBin version history
+ * **1.4.1 (not yet released)**
+ * CHANGED: Avoid `SUPER` privilege for setting the `sql_mode` for MariaDB/MySQL (#919)
 * **1.4 (2022-04-09)**
 * ADDED: Translations for Corsican, Estonian, Finnish and Lojban
 * ADDED: new HTTP headers improving security (#765)
diff --git a/lib/Data/Database.php b/lib/Data/Database.php
index 4b29fe2f..2aa3ecd6 100644
--- a/lib/Data/Database.php
+++ b/lib/Data/Database.php
@@ -100,7 +100,7 @@ class Database extends AbstractData
 // MySQL uses backticks to quote identifiers by default,
 // tell it to expect ANSI SQL double quotes
 if (self::$_type === 'mysql' && defined('PDO::MYSQL_ATTR_INIT_COMMAND')) {
- $options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET sql_mode='ANSI_QUOTES'";
+ $options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET SESSION sql_mode='ANSI_QUOTES'";
 }
 $tableQuery = self::_getTableQuery(self::$_type);
 self::$_db = new PDO(
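Review bot: The init command on the added line in lib/Data/Database.php assigns `sql_mode` the single value `ANSI_QUOTES`, so every mode the server administrator configured (for example strict mode, which rejects over-long or out-of-range values instead of silently truncating them) is switched off for this connection. Appending to the existing value would keep those guards, e.g. `"SET SESSION sql_mode = CONCAT(@@sql_mode, ',ANSI_QUOTES')"`; this should be tested against a server whose `sql_mode` is empty before it is adopted. The comment above the `if` could also record why the scope is spelled out, e.g. `// set it for this session only, so no SUPER privilege is needed`. The enclosing method starts and ends outside the hunk.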