Git November 2011

git@phpmyadmin.net

7 participants
156 discussions

[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_7_1-22593-gdc41e8c

by Michal Čihař

The branch, master has been updated via dc41e8cddd7f06635dde62b4b9590e79205dda1a (commit) via 0212c7c01562418410c559ca081ef6239e6b13cb (commit) via c672292268cf456a75f59e2cb0a3219b865bc094 (commit) via 849b6818f81cae1d5ae0a6857b6e5839a8b3ea10 (commit) via ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit) from f42d162b0d0301b67723eb1ac5a3f584a515c8f3 (commit) - Log ----------------------------------------------------------------- commit dc41e8cddd7f06635dde62b4b9590e79205dda1a Merge: c672292 0212c7c Author: Michal Čihař <mcihar(a)suse.cz> Date: Thu Nov 10 15:46:47 2011 +0100 Merge remote-tracking branch 'origin/QA_3_4' commit c672292268cf456a75f59e2cb0a3219b865bc094 Author: Michal Čihař <mcihar(a)suse.cz> Date: Thu Nov 10 15:42:10 2011 +0100 rfe #1632106 [interface] Improved error handling ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + libraries/database_interface.lib.php | 25 ++++++++++++++++--------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 05439c6..b58121f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -57,6 +57,7 @@ phpMyAdmin - ChangeLog - [usability] Removed an unnecessary AJAX request from database search - bug #3302419 [navi] Tabs break when squeezing page + rfe #3406797 [navi] Stick table tools to top of page on scroll ++ rfe #1632106 [interface] Improved error handling 3.4.8.0 (not yet released) - bug #3425230 [interface] enum data split at space char (more space to edit) diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php index 4fcdfcf..2dea06b 100644 --- a/libraries/database_interface.lib.php +++ b/libraries/database_interface.lib.php @@ -1761,17 +1761,24 @@ function PMA_DBI_formatError($error_number, $error_message) $error = '#' . ((string) $error_number); if ($error_number == 2002) { - $error .= ' - ' . __('The server is not responding (or the local server\'s socket is not correctly configured).'); + $error .= ' - ' . $error_message; + $error .= '<br />' . __('The server is not responding (or the local server\'s socket is not correctly configured).'); } elseif ($error_number == 2003) { - $error .= ' - ' . __('The server is not responding.'); + $error .= ' - ' . $error_message; + $error .= '<br />' . __('The server is not responding.'); } elseif ($error_number == 1005) { - /* InnoDB contraints, see - * http://dev.mysql.com/doc/refman/5.0/en/innodb-foreign-key-constraints.html - */ - $error .= ' - ' . $error_message . - ' (<a href="server_engines.php' . - PMA_generate_common_url(array('engine' => 'InnoDB', 'page' => 'Status')) . - '">' . __('Details...') . '</a>)'; + if (strpos($error_message, 'errno: 13') !== FALSE) { + $error .= ' - ' . $error_message; + $error .= '<br />' . __('Please check privileges of directory containing database.'); + } else { + /* InnoDB contraints, see + * http://dev.mysql.com/doc/refman/5.0/en/innodb-foreign-key-constraints.html + */ + $error .= ' - ' . $error_message . + ' (<a href="server_engines.php' . + PMA_generate_common_url(array('engine' => 'InnoDB', 'page' => 'Status')) . + '">' . __('Details...') . '</a>)'; + } } else { $error .= ' - ' . $error_message; } hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_7_1-25-g0212c7c

by Michal Čihař

The branch, QA_3_4 has been updated via 0212c7c01562418410c559ca081ef6239e6b13cb (commit) via ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit) from 849b6818f81cae1d5ae0a6857b6e5839a8b3ea10 (commit) - Log ----------------------------------------------------------------- commit 0212c7c01562418410c559ca081ef6239e6b13cb Merge: 849b681 ec040a1 Author: Michal Čihař <mcihar(a)suse.cz> Date: Thu Nov 10 15:44:43 2011 +0100 Merge remote-tracking branch 'origin/MAINT_3_4_7' into QA_3_4 ----------------------------------------------------------------------- Summary of changes: hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. 1a56dd2e02918cef7485f37af0d0a190664f3374

by Marc Delisle

The branch, master has been updated via 1a56dd2e02918cef7485f37af0d0a190664f3374 (commit) from fd6c4ccdbbf9d272dd8e5093f1c9c8981987cf70 (commit) - Log ----------------------------------------------------------------- commit 1a56dd2e02918cef7485f37af0d0a190664f3374 Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:36:06 2011 -0500 PMASA-2011-17 ----------------------------------------------------------------------- Summary of changes: templates/security/PMASA-2011-17 | 60 ++++++++++++++++++++++++++++++++++++++ 1 files changed, 60 insertions(+), 0 deletions(-) create mode 100644 templates/security/PMASA-2011-17 diff --git a/templates/security/PMASA-2011-17 b/templates/security/PMASA-2011-17 new file mode 100644 index 0000000..9fc013c --- /dev/null +++ b/templates/security/PMASA-2011-17 @@ -0,0 +1,60 @@ +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + +<py:def function="announcement_id"> +PMASA-2011-17 +</py:def> + +<py:def function="announcement_date"> +2011-11-10 +</py:def> + +<py:def function="announcement_summary"> +Local file inclusion. +</py:def> + +<py:def function="announcement_description"> +Importing a specially-crafted XML file which contains an XML entity injection +permits to retrieve a local file (limited by the privileges of the user +running the web server). +</py:def> + +<py:def function="announcement_mitigation"> +The attacker must be logged in to MySQL via phpMyAdmin. +</py:def> + +<py:def function="announcement_severity"> +We consider this vulnerability to be serious. +</py:def> + +<py:def function="announcement_affected"> +Versions 3.3.x and 3.4.x are affected. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.4.7.1 or newer (or 3.3.10.5) or apply the related patches listed below. +</py:def> + +<py:def function="announcement_references"> +Thanks to Jan Lieskovsky from the Red Hat Security Response Team who warned +the phpMyAdmin project that public disclosure of this problem has occurred. +</py:def> + +<py:def function="announcement_cve">CVE-2011-4107</py:def> + +<py:def function="announcement_cwe">661</py:def> + +<py:def function="announcement_commits_3_4"> +05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 +34d99de000de9d15cfdf5e9cc8b7682d51110bbd +a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 +</py:def> + +<py:def function="announcement_commits_3_3"> +75606e5f82280eb1a3817badf1b24d512a010b80 +1a89c8ecfd09ceace81fb11e488f12599c0e49b6 +2fbf631384fd8cded55f4500cb87b129442f9ed2 +5fa86b8e81565c15ddbc359e8f59ecd829a2b717 +</py:def> + +<xi:include href="_page.tpl" /> +</html> hooks/post-receive -- phpMyAdmin website

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, TESTING, updated. RELEASE_3_4_7_1-49-gbced70f

by Marc Delisle

The branch, TESTING has been updated via bced70f81d0868f163189d06a49aa2da676dc98b (commit) via ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit) via 1b8f5a5c098905997a3072170d773a073331f7f6 (commit) via 05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 (commit) via 4dd5c0d0dc413d2cb2cfcb31f8d4aec0c753033c (commit) via 063e6f92929c3aed3641cf79add4128c7e972d2f (commit) via 987f943de33a0d0aa6ac3e3c352d48ac4a527a6d (commit) via 34d99de000de9d15cfdf5e9cc8b7682d51110bbd (commit) via a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 (commit) from f445a9383bd166924aa1701ac189d3a2df5806e6 (commit) - Log ----------------------------------------------------------------- commit bced70f81d0868f163189d06a49aa2da676dc98b Merge: f445a93 ec040a1 Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:15:22 2011 -0500 Merge branch 'MAINT_3_4_7' into TESTING ----------------------------------------------------------------------- Summary of changes: ChangeLog | 5 +++- Documentation.html | 7 ++++- README | 2 +- libraries/Config.class.php | 2 +- libraries/import/ods.php | 12 ++++++++++ libraries/import/xml.php | 50 +++++++++++++++++++++++++++---------------- 6 files changed, 54 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index ddba865..2797494 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,10 @@ phpMyAdmin - ChangeLog ====================== -3.4.7.0 (not yet released) +3.4.7.1 (2011-11-10) +- [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). + +3.4.7.0 (2011-10-23) - bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false - bug #3418849 [interface] Inline edit shows dropdowns even after closing - bug [view] View renaming did not work diff --git a/Documentation.html b/Documentation.html index 834215c..083da6e 100644 --- a/Documentation.html +++ b/Documentation.html @@ -9,7 +9,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <link rel="icon" href="./favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>phpMyAdmin 3.4.7 - Documentation</title> + <title>phpMyAdmin 3.4.7.1 - Documentation</title> <link rel="stylesheet" type="text/css" href="docs.css" /> </head> @@ -17,7 +17,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <div id="header"> <h1> <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a> - 3.4.7 + 3.4.7.1 Documentation </h1> </div> @@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <li>To support BLOB streaming, see PHP and MySQL requirements in <a href="#faq6_25"> <abbr title="Frequently Asked Questions">FAQ</abbr> 6.25</a>.</li> + <li>To support XML and Open Document Spreadsheet importing, + you need PHP 5.2.17 or newer and the + <a href="http://www.php.net/libxml"><tt>libxml</tt></a> extension.</li> </ul> </li> <li><b>MySQL</b> 5.0 or newer (<a href="#faq1_17">details</a>);</li> diff --git a/README b/README index ae117eb..488cb04 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 3.4.7 +Version 3.4.7.1 A set of PHP-scripts to manage MySQL over the web. diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 824d04c..f42ad6e 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -96,7 +96,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.4.7'); + $this->set('PMA_VERSION', '3.4.7.1'); /** * @deprecated */ diff --git a/libraries/import/ods.php b/libraries/import/ods.php index 4bf5200..9016016 100644 --- a/libraries/import/ods.php +++ b/libraries/import/ods.php @@ -14,6 +14,13 @@ if (! defined('PHPMYADMIN')) { } /** + * We need way to disable external XML entities processing. + */ +if (!function_exists('libxml_disable_entity_loader')) { + return; +} + +/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */ @@ -64,6 +71,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data); /** + * Disable loading of external XML entities. + */ +libxml_disable_entity_loader(); + +/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can diff --git a/libraries/import/xml.php b/libraries/import/xml.php index 640aac8..ce20fe7 100644 --- a/libraries/import/xml.php +++ b/libraries/import/xml.php @@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) { } /** + * We need way to disable external XML entities processing. + */ +if (!function_exists('libxml_disable_entity_loader')) { + return; +} + +/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */ @@ -57,6 +64,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data); /** + * Disable loading of external XML entities. + */ +libxml_disable_entity_loader(); + +/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can @@ -141,19 +153,19 @@ if (isset($namespaces['pma'])) { * Get structures for all tables */ $struct = $xml->children($namespaces['pma']); - + $create = array(); - + foreach ($struct as $tier1 => $val1) { foreach($val1 as $tier2 => $val2) { /* Need to select the correct database for the creation of tables, views, triggers, etc. */ /** - * @todo Generating a USE here blocks importing of a table - * into another database. + * @todo Generating a USE here blocks importing of a table + * into another database. */ $attrs = $val2->attributes(); $create[] = "USE " . PMA_backquote($attrs["name"]); - + foreach ($val2 as $val3) { /** * Remove the extra cosmetic spacing @@ -163,7 +175,7 @@ if (isset($namespaces['pma'])) { } } } - + $struct_present = true; } @@ -179,13 +191,13 @@ $data_present = false; */ if (@count($xml->children())) { $data_present = true; - + /** * Process all database content */ foreach ($xml as $k1 => $v1) { $tbl_attr = $v1->attributes(); - + $isInTables = false; for ($i = 0; $i < count($tables); ++$i) { if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) { @@ -193,11 +205,11 @@ if (@count($xml->children())) { break; } } - + if ($isInTables == false) { $tables[] = array((string)$tbl_attr['name']); } - + foreach ($v1 as $k2 => $v2) { $row_attr = $v2->attributes(); if (! array_search((string)$row_attr['name'], $tempRow)) @@ -206,17 +218,17 @@ if (@count($xml->children())) { } $tempCells[] = (string)$v2; } - + $rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells); - + $tempRow = array(); $tempCells = array(); } - + unset($tempRow); unset($tempCells); unset($xml); - + /** * Bring accumulated rows into the corresponding table */ @@ -227,17 +239,17 @@ if (@count($xml->children())) { if (! isset($tables[$i][COL_NAMES])) { $tables[$i][] = $rows[$j][COL_NAMES]; } - + $tables[$i][ROWS][] = $rows[$j][ROWS]; } } } - + unset($rows); - + if (! $struct_present) { $analyses = array(); - + $len = count($tables); for ($i = 0; $i < $len; ++$i) { $analyses[] = PMA_analyzeTable($tables[$i]); @@ -289,7 +301,7 @@ if (strlen($db)) { if ($db_name === NULL) { $db_name = 'XML_DB'; } - + /* Set database collation/charset */ $options = array( 'db_collation' => $collation, hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, STABLE, updated. RELEASE_3_4_7_1-28-ga8cea19

by Marc Delisle

The branch, STABLE has been updated via a8cea1918a48ddde91e52d59c26700d41499fcc8 (commit) via ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit) via 1b8f5a5c098905997a3072170d773a073331f7f6 (commit) via 05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 (commit) via 4dd5c0d0dc413d2cb2cfcb31f8d4aec0c753033c (commit) via 063e6f92929c3aed3641cf79add4128c7e972d2f (commit) via 987f943de33a0d0aa6ac3e3c352d48ac4a527a6d (commit) via 34d99de000de9d15cfdf5e9cc8b7682d51110bbd (commit) via a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 (commit) from 9b77e4d68754a39617136a44d9b5cbb21c70cf7a (commit) - Log ----------------------------------------------------------------- commit a8cea1918a48ddde91e52d59c26700d41499fcc8 Merge: 9b77e4d ec040a1 Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:15:22 2011 -0500 Merge branch 'MAINT_3_4_7' into STABLE ----------------------------------------------------------------------- Summary of changes: ChangeLog | 5 +++- Documentation.html | 7 ++++- README | 2 +- libraries/Config.class.php | 2 +- libraries/import/ods.php | 12 ++++++++++ libraries/import/xml.php | 50 +++++++++++++++++++++++++++---------------- 6 files changed, 54 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index 04455a7..6ada51e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,10 @@ phpMyAdmin - ChangeLog ====================== -3.4.7.0 (not yet released) +3.4.7.1 (2011-11-10) +- [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). + +3.4.7.0 (2011-10-23) - bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false - bug #3418849 [interface] Inline edit shows dropdowns even after closing - bug [view] View renaming did not work diff --git a/Documentation.html b/Documentation.html index 834215c..083da6e 100644 --- a/Documentation.html +++ b/Documentation.html @@ -9,7 +9,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <link rel="icon" href="./favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>phpMyAdmin 3.4.7 - Documentation</title> + <title>phpMyAdmin 3.4.7.1 - Documentation</title> <link rel="stylesheet" type="text/css" href="docs.css" /> </head> @@ -17,7 +17,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <div id="header"> <h1> <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a> - 3.4.7 + 3.4.7.1 Documentation </h1> </div> @@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <li>To support BLOB streaming, see PHP and MySQL requirements in <a href="#faq6_25"> <abbr title="Frequently Asked Questions">FAQ</abbr> 6.25</a>.</li> + <li>To support XML and Open Document Spreadsheet importing, + you need PHP 5.2.17 or newer and the + <a href="http://www.php.net/libxml"><tt>libxml</tt></a> extension.</li> </ul> </li> <li><b>MySQL</b> 5.0 or newer (<a href="#faq1_17">details</a>);</li> diff --git a/README b/README index ae117eb..488cb04 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 3.4.7 +Version 3.4.7.1 A set of PHP-scripts to manage MySQL over the web. diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 824d04c..f42ad6e 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -96,7 +96,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.4.7'); + $this->set('PMA_VERSION', '3.4.7.1'); /** * @deprecated */ diff --git a/libraries/import/ods.php b/libraries/import/ods.php index 4bf5200..9016016 100644 --- a/libraries/import/ods.php +++ b/libraries/import/ods.php @@ -14,6 +14,13 @@ if (! defined('PHPMYADMIN')) { } /** + * We need way to disable external XML entities processing. + */ +if (!function_exists('libxml_disable_entity_loader')) { + return; +} + +/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */ @@ -64,6 +71,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data); /** + * Disable loading of external XML entities. + */ +libxml_disable_entity_loader(); + +/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can diff --git a/libraries/import/xml.php b/libraries/import/xml.php index 640aac8..ce20fe7 100644 --- a/libraries/import/xml.php +++ b/libraries/import/xml.php @@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) { } /** + * We need way to disable external XML entities processing. + */ +if (!function_exists('libxml_disable_entity_loader')) { + return; +} + +/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */ @@ -57,6 +64,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data); /** + * Disable loading of external XML entities. + */ +libxml_disable_entity_loader(); + +/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can @@ -141,19 +153,19 @@ if (isset($namespaces['pma'])) { * Get structures for all tables */ $struct = $xml->children($namespaces['pma']); - + $create = array(); - + foreach ($struct as $tier1 => $val1) { foreach($val1 as $tier2 => $val2) { /* Need to select the correct database for the creation of tables, views, triggers, etc. */ /** - * @todo Generating a USE here blocks importing of a table - * into another database. + * @todo Generating a USE here blocks importing of a table + * into another database. */ $attrs = $val2->attributes(); $create[] = "USE " . PMA_backquote($attrs["name"]); - + foreach ($val2 as $val3) { /** * Remove the extra cosmetic spacing @@ -163,7 +175,7 @@ if (isset($namespaces['pma'])) { } } } - + $struct_present = true; } @@ -179,13 +191,13 @@ $data_present = false; */ if (@count($xml->children())) { $data_present = true; - + /** * Process all database content */ foreach ($xml as $k1 => $v1) { $tbl_attr = $v1->attributes(); - + $isInTables = false; for ($i = 0; $i < count($tables); ++$i) { if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) { @@ -193,11 +205,11 @@ if (@count($xml->children())) { break; } } - + if ($isInTables == false) { $tables[] = array((string)$tbl_attr['name']); } - + foreach ($v1 as $k2 => $v2) { $row_attr = $v2->attributes(); if (! array_search((string)$row_attr['name'], $tempRow)) @@ -206,17 +218,17 @@ if (@count($xml->children())) { } $tempCells[] = (string)$v2; } - + $rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells); - + $tempRow = array(); $tempCells = array(); } - + unset($tempRow); unset($tempCells); unset($xml); - + /** * Bring accumulated rows into the corresponding table */ @@ -227,17 +239,17 @@ if (@count($xml->children())) { if (! isset($tables[$i][COL_NAMES])) { $tables[$i][] = $rows[$j][COL_NAMES]; } - + $tables[$i][ROWS][] = $rows[$j][ROWS]; } } } - + unset($rows); - + if (! $struct_present) { $analyses = array(); - + $len = count($tables); for ($i = 0; $i < $len; ++$i) { $analyses[] = PMA_analyzeTable($tables[$i]); @@ -289,7 +301,7 @@ if (strlen($db)) { if ($db_name === NULL) { $db_name = 'XML_DB'; } - + /* Set database collation/charset */ $options = array( 'db_collation' => $collation, hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin annotated tag, RELEASE_3_4_7_1, created. RELEASE_3_4_7_1

by Marc Delisle

The annotated tag, RELEASE_3_4_7_1 has been created at 1592b2224b7eb2e983c3953ae1b8f948ff16dae6 (tag) tagging ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit) replaces RELEASE_3_4_7 tagged by Marc Delisle on Thu Nov 10 09:15:21 2011 -0500 - Log ----------------------------------------------------------------- Released 3.4.7.1 Marc Delisle (3): New PHP requirements for XML and ODS importing ChangeLog for 3.4.7.1 3.4.7.1 release Michal Čihař (5): Disable loading of external XML entities when loading XML Disable XML loading plugins on old PHP Add missing release date Merge branch 'MAINT_3_4_7' into MAINT_3_4_7-security Changelog entry ----------------------------------------------------------------------- hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_7-22596-gf42d162

by Marc Delisle

The branch, master has been updated via f42d162b0d0301b67723eb1ac5a3f584a515c8f3 (commit) from 839c0d493aedbfb031752b706acd550790f72019 (commit) - Log ----------------------------------------------------------------- commit f42d162b0d0301b67723eb1ac5a3f584a515c8f3 Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:09:49 2011 -0500 3.4.7.1 release ----------------------------------------------------------------------- Summary of changes: ChangeLog | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6e2fd10..05439c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -70,7 +70,7 @@ phpMyAdmin - ChangeLog - patch #3430291 [import] Handle conflicts in some open_basedir situations - bug #3431427 [display] Dropdown results - setting NULL does not work -3.4.7.1 (not yet released) +3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_7-31-g849b681

by Marc Delisle

The branch, QA_3_4 has been updated via 849b6818f81cae1d5ae0a6857b6e5839a8b3ea10 (commit) from e51a1cb73df8f3706fe0bb50ccdcae7fa2f893eb (commit) - Log ----------------------------------------------------------------- commit 849b6818f81cae1d5ae0a6857b6e5839a8b3ea10 Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:09:17 2011 -0500 3.4.7.1 release ----------------------------------------------------------------------- Summary of changes: ChangeLog | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5836756..b18adfd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,7 +13,7 @@ phpMyAdmin - ChangeLog - patch #3430291 [import] Handle conflicts in some open_basedir situations - bug #3431427 [display] Dropdown results - setting NULL does not work -3.4.7.1 (not yet released) +3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, MAINT_3_4_7, updated. RELEASE_3_4_7-8-gec040a1

by Marc Delisle

The branch, MAINT_3_4_7 has been updated via ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit) from 1b8f5a5c098905997a3072170d773a073331f7f6 (commit) - Log ----------------------------------------------------------------- commit ec040a1b6e9d19bf3439e3f8931a4d63720ce867 Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:08:43 2011 -0500 3.4.7.1 release ----------------------------------------------------------------------- Summary of changes: ChangeLog | 2 +- Documentation.html | 4 ++-- README | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ccfc21..6ada51e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -3.4.7.1 (not yet released) +3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). 3.4.7.0 (2011-10-23) diff --git a/Documentation.html b/Documentation.html index d376f73..083da6e 100644 --- a/Documentation.html +++ b/Documentation.html @@ -9,7 +9,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <link rel="icon" href="./favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>phpMyAdmin 3.4.7 - Documentation</title> + <title>phpMyAdmin 3.4.7.1 - Documentation</title> <link rel="stylesheet" type="text/css" href="docs.css" /> </head> @@ -17,7 +17,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <div id="header"> <h1> <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a> - 3.4.7 + 3.4.7.1 Documentation </h1> </div> diff --git a/README b/README index ae117eb..488cb04 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 3.4.7 +Version 3.4.7.1 A set of PHP-scripts to manage MySQL over the web. diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 824d04c..f42ad6e 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -96,7 +96,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.4.7'); + $this->set('PMA_VERSION', '3.4.7.1'); /** * @deprecated */ hooks/post-receive -- phpMyAdmin

12 years, 10 months

[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_7-22595-g839c0d4

by Marc Delisle

The branch, master has been updated via 839c0d493aedbfb031752b706acd550790f72019 (commit) via e51a1cb73df8f3706fe0bb50ccdcae7fa2f893eb (commit) via f674e3dbe952d9c4a7864067d7c286e9b01f527a (commit) via 1b8f5a5c098905997a3072170d773a073331f7f6 (commit) via edea25b07b51c2c5e277323f8047fcd82e695f7e (commit) via 05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 (commit) via 4dd5c0d0dc413d2cb2cfcb31f8d4aec0c753033c (commit) via 063e6f92929c3aed3641cf79add4128c7e972d2f (commit) via 34d99de000de9d15cfdf5e9cc8b7682d51110bbd (commit) via a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 (commit) from f49fe427f534350e029f0b08627e6ce565368de8 (commit) - Log ----------------------------------------------------------------- commit 839c0d493aedbfb031752b706acd550790f72019 Merge: f49fe42 e51a1cb Author: Marc Delisle <marc(a)infomarc.info> Date: Thu Nov 10 09:00:13 2011 -0500 Merge branch 'QA_3_4' ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ Documentation.html | 3 +++ libraries/import/ods.php | 12 ++++++++++++ libraries/import/xml.php | 12 ++++++++++++ 4 files changed, 31 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index d8b0494..6e2fd10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -70,6 +70,10 @@ phpMyAdmin - ChangeLog - patch #3430291 [import] Handle conflicts in some open_basedir situations - bug #3431427 [display] Dropdown results - setting NULL does not work +3.4.7.1 (not yet released) +- [security] Fixed possible local file inclusion in XML import +(CVE-2011-4107). + 3.4.7.0 (2011-10-23) - bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false - bug #3418849 [interface] Inline edit shows dropdowns even after closing diff --git a/Documentation.html b/Documentation.html index c31706a..458108c 100644 --- a/Documentation.html +++ b/Documentation.html @@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <li>To support BLOB streaming, see PHP and MySQL requirements in <a href="#faq6_25"> <abbr title="Frequently Asked Questions">FAQ</abbr> 6.25</a>.</li> + <li>To support XML and Open Document Spreadsheet importing, + you need PHP 5.2.17 or newer and the + <a href="http://www.php.net/libxml"><tt>libxml</tt></a> extension.</li> </ul> </li> <li><b>MySQL</b> 5.0 or newer (<a href="#faq1_17">details</a>);</li> diff --git a/libraries/import/ods.php b/libraries/import/ods.php index fc1c177..8af40f4 100644 --- a/libraries/import/ods.php +++ b/libraries/import/ods.php @@ -14,6 +14,13 @@ if (! defined('PHPMYADMIN')) { } /** + * We need way to disable external XML entities processing. + */ +if (!function_exists('libxml_disable_entity_loader')) { + return; +} + +/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */ @@ -61,6 +68,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data); /** + * Disable loading of external XML entities. + */ +libxml_disable_entity_loader(); + +/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can diff --git a/libraries/import/xml.php b/libraries/import/xml.php index a3768cd..727c63b 100644 --- a/libraries/import/xml.php +++ b/libraries/import/xml.php @@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) { } /** + * We need way to disable external XML entities processing. + */ +if (!function_exists('libxml_disable_entity_loader')) { + return; +} + +/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */ @@ -54,6 +61,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data); /** + * Disable loading of external XML entities. + */ +libxml_disable_entity_loader(); + +/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can hooks/post-receive -- phpMyAdmin

12 years, 10 months

← Newer
1
...
7
8
9
10
11
12
13
...
16
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Git November 2011