Hi Robin!
This is where a malicious input can be made, and it's not as difficult as a custom POST/GET even, just copying the HTML page, and changing a few URLs.
But this is certainly not standard workflow, you have to put your hands on an editor.
In this case, evil user is a malicious user that has access to a database or table already, and wants to root the system. Evil user adds a transform that reads a piece of data from the server as a root user, somewhere else on the file system, say /tmp (using the docSQL bug). The fix can conform to your naming requirements or not. Now evil user makes his own table, and puts in a value of '/etc/shadow' or any file he wants. He then gets the exact transform he wants to run on the '/etc/shadow' string. He's now got your entire /etc/shadow file, with your passwords or worse.
No. Evil user only transmits the filename he wants to have. This is now inserted into the database. Now, nothing else happens, he has to browse through a table.
There, PMA reads what transformation should be applied. Because his new entry is not inside PMA/libraries/transformations (checked via RegEx), the function inside this file is not executed.
Remember, no files are uploaded inside the directory. Only if the user can put his new file into the libraries/transformation directory, he can gain access to file functions. But then, he could just delete all files because he already has access. :)
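The check described in the reply above (the stored transformation name is only honoured when it names a file that already exists inside the transformations directory), written out as an added PHP example. This is not phpMyAdmin's own code; the directory layout, the `resolveTransformation()` function and the sample transformation file name are assumptions made for the demo.

```php
<?php
// Added example, not phpMyAdmin's own code. A transformation name read back
// from the database is user-controlled, so it is only honoured when it matches
// a strict pattern AND names a file already shipped in the transformations
// directory. Directory and file names below are assumptions for the demo.

function resolveTransformation(string $requested, string $transformDir): ?string
{
    // 1. Syntactic allowlist: letters, digits and underscores, ending in .inc.php.
    //    Rejects absolute paths, "../" segments and null bytes before the
    //    filesystem is touched at all.
    if (!preg_match('/^[A-Za-z0-9_]+\.inc\.php$/', $requested)) {
        return null;
    }

    // 2. Existence allowlist: the name must be one of the files that are
    //    actually present; a database entry alone never creates a file.
    $available = array_filter(scandir($transformDir), function ($f) {
        return $f !== '.' && $f !== '..';
    });
    if (!in_array($requested, $available, true)) {
        return null;
    }

    // 3. Build the path from the trusted directory, then confirm it still
    //    resolves inside that directory (defence in depth against symlinks).
    $path = realpath($transformDir . DIRECTORY_SEPARATOR . $requested);
    $base = realpath($transformDir);
    if ($path === false || $base === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway directory standing in for libraries/transformations,
// holding one made-up transformation file.
$dir = sys_get_temp_dir() . '/pma_transform_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/text_plain__example.inc.php', "<?php\n");

$cases = [
    'text_plain__example.inc.php', // shipped file: accepted
    '/etc/shadow',                 // absolute path from the thread: rejected by the regex
    '../other.inc.php',            // traversal attempt: rejected by the regex
    'not_shipped.inc.php',         // well-formed name, but no such file: rejected
];
foreach ($cases as $name) {
    $result = resolveTransformation($name, $dir);
    printf("%-30s => %s\n", $name,
        $result === null ? 'rejected' : 'run ' . basename($result));
}

unlink($dir . '/text_plain__example.inc.php');
rmdir($dir);
```

Run it with `php resolve_demo.php`; only the first case resolves to a file, the other three are refused before any include happens. The point of step 2 is the one made in the thread: the database row can name anything it likes, but without a matching file in the directory nothing is executed.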
Here is an idea for the quickbox, give it three mini-tabs:
Maybe it is a bit complicated to make a three-part query window, so I'll see what can be done there. Worst thing would be to have input-buttons as TAB-icons instead of text links, or to rely on javascript for that, again.
Just separate the code for the different parts of the tab window into different files maybe? Or is the bug JS related?
It is JS related, because currently all history-actions are put into a single form and transmitted from there to itself over and over again.
logout - the logout link in the left frame
login - on load of the frameset
Alright. Stupid me. :-)