Michal Čihař wrote:
Hi all
anyone working on this?
It is already fixed.
this is how we fixed this:
grab_globals.inc.php#34:
// protect against older PHP versions' bug about GLOBALS overwrite
// (no need to translate this one :) )
// but what if script.php?GLOBALS[admin]=1&GLOBALS[_REQUEST]=1 ???
if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] )
    || isset( $_SERVER['GLOBALS'] ) || isset( $_COOKIE['GLOBALS'] )
    || isset( $_ENV['GLOBALS'] ) ) {
    die( 'GLOBALS overwrite attempt' );
}
the original patch:
-------------------------------
Cross-site scripting by trusting potentially user-supplied input.
diff -u -p -Nr --exclude CVS phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php phpmyadmin-2.6.2/libraries/header_meta_style.inc.php --- phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php 2005-03-07 00:23:46.000000000 +0100 +++ phpmyadmin-2.6.2/libraries/header_meta_style.inc.php 2005-11-18 07:08:56.000000000 +0100 @@ -2,6 +2,10 @@ /* $Id: header_meta_style.inc.php,v 2.3 2005/03/06 23:23:46 nijel Exp $ */ // vim: expandtab sw=4 ts=4 sts=4:
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { + die("GLOBALS overwrite attempt"); +} + /** * Sends the beginning of the html page then returns to the calling script */ diff -u -p -Nr --exclude CVS phpmyadmin-2.6.2.orig/libraries/header_http.inc.php phpmyadmin-2.6.2/libraries/header_http.inc.php --- phpmyadmin-2.6.2.orig/libraries/header_http.inc.php 2004-04-27 14:36:11.000000000 +0200 +++ phpmyadmin-2.6.2/libraries/header_http.inc.php 2005-11-18 22:06:46.000000000 +0100 @@ -2,6 +2,10 @@ /* $Id: header_http.inc.php,v 2.1 2004/04/27 12:36:11 nijel Exp $ */ // vim: expandtab sw=4 ts=4 sts=4:
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { + die("GLOBALS overwrite attempt"); +} + /** * Sends http headers */ -----------------------------
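Review bot: the guard in both hunks tests only $_REQUEST and $_FILES, and the same four lines are pasted verbatim into header_meta_style.inc.php and header_http.inc.php instead of living in one shared include; move it to a single place where request variables are first imported and extend it to the other superglobals a GLOBALS key can arrive through (the grab_globals.inc.php version quoted earlier in this thread adds $_SERVER, $_COOKIE and $_ENV). Note also that whether cookie values show up in $_REQUEST depends on the server's variables_order setting, so a $_REQUEST-only test is not a substitute for checking $_COOKIE directly.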
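As an added example (not code from the thread or from phpMyAdmin), the following Python reproduces the same decision the grab_globals check makes, but on the defender's side: given query strings as a web server logs them, it works out which parameter names PHP would store under $_REQUEST and flags any request that would land in $_REQUEST['GLOBALS']. It handles the GLOBALS[admin] array form from the comment above, URL-encoded brackets, and the scalar GLOBALS=1 form, and treats lower-case or value-only occurrences as harmless because PHP array keys are case-sensitive. The sample queries are constructed; only the query string is covered here, not POST bodies or cookies.

```python
from urllib.parse import unquote_plus

# Constructed sample query strings (not taken from any real log).
SAMPLE_QUERIES = [
    "db=test&table=users",                  # ordinary request
    "GLOBALS[admin]=1",                     # array form named in the thread's comment
    "GLOBALS%5B_REQUEST%5D=1&lang=en",      # same form with URL-encoded brackets
    "GLOBALS=1",                            # scalar form
    "globals[admin]=1",                     # wrong case: PHP keys are case-sensitive
    "x=GLOBALS[admin]",                     # GLOBALS only appears in a value
]


def param_names(query: str) -> list:
    """Return the top-level parameter names PHP would see for a query string.

    PHP URL-decodes the name and stores everything before the first '['
    as the key, so 'GLOBALS[x]' and 'GLOBALS%5Bx%5D' both become the key
    'GLOBALS' in $_GET / $_REQUEST.
    """
    names = []
    for pair in query.split("&"):
        if not pair:
            continue
        raw_name = pair.split("=", 1)[0]
        decoded = unquote_plus(raw_name)
        names.append(decoded.split("[", 1)[0])
    return names


def is_globals_overwrite_attempt(query: str) -> bool:
    """True if any parameter of this query would populate $_REQUEST['GLOBALS']."""
    return "GLOBALS" in param_names(query)


def flag_queries(queries):
    """Return the subset of queries a GLOBALS-overwrite detection would report."""
    return [q for q in queries if is_globals_overwrite_attempt(q)]


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        verdict = "FLAG " if is_globals_overwrite_attempt(q) else "ok   "
        print(verdict, q)
```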