The branch, QA_3_4 has been updated via e51a1cb73df8f3706fe0bb50ccdcae7fa2f893eb (commit) via f674e3dbe952d9c4a7864067d7c286e9b01f527a (commit) via 1b8f5a5c098905997a3072170d773a073331f7f6 (commit) via edea25b07b51c2c5e277323f8047fcd82e695f7e (commit) via 05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 (commit) via 4dd5c0d0dc413d2cb2cfcb31f8d4aec0c753033c (commit) via 063e6f92929c3aed3641cf79add4128c7e972d2f (commit) via 34d99de000de9d15cfdf5e9cc8b7682d51110bbd (commit) via a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 (commit) from bd0ad7377e92325d92d1de40ba52b8e89bc19664 (commit)
- Log ----------------------------------------------------------------- -----------------------------------------------------------------------
Summary of changes: ChangeLog | 4 +++ Documentation.html | 3 ++ libraries/import/ods.php | 12 +++++++++++ libraries/import/xml.php | 50 ++++++++++++++++++++++++++++----------------- 4 files changed, 50 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index bab9d7b..5836756 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,10 @@ phpMyAdmin - ChangeLog
 - patch #3430291 [import] Handle conflicts in some open_basedir situations
 - bug #3431427 [display] Dropdown results - setting NULL does not work
+3.4.7.1 (not yet released)
+- [security] Fixed possible local file inclusion in XML import
+(CVE-2011-4107).
+
 3.4.7.0 (2011-10-23)
 - bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false
 - bug #3418849 [interface] Inline edit shows dropdowns even after closing
diff --git a/Documentation.html b/Documentation.html
index c8afb33..41e42aa 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
 <li>To support BLOB streaming, see PHP and MySQL requirements in <a href="#faq6_25"> <abbr title="Frequently Asked Questions">FAQ</abbr> 6.25</a>.</li>
+ <li>To support XML and Open Document Spreadsheet importing,
+ you need PHP 5.2.17 or newer and the
+ <a href="http://www.php.net/libxml"><tt>libxml</tt></a> extension.</li>
 </ul>
 </li>
 <li><b>MySQL</b> 5.0 or newer (<a href="#faq1_17">details</a>);</li>
diff --git a/libraries/import/ods.php b/libraries/import/ods.php
index d50bee9..cd48f68 100644
--- a/libraries/import/ods.php
+++ b/libraries/import/ods.php
@@ -14,6 +14,13 @@ if (! defined('PHPMYADMIN')) {
 }
/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
+/**
 * The possible scopes for $plugin_param are: 'table', 'database', and 'server'
 */
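Review bot: The bare `return` in the new `function_exists` guard makes the whole ODS import plugin vanish silently on PHP builds that lack `libxml_disable_entity_loader` (the identical guard is added to libraries/import/xml.php in this commit), and the only hint an administrator gets is the new sentence in Documentation.html. Hiding the format is the right call — parsing without the loader disabled is exactly the exposure the ChangeLog entry names — but the reasoning should live in the file so nobody later "restores" the missing format by deleting the guard. Suggest replacing the comment with `/* Without libxml_disable_entity_loader() external entities could be resolved while parsing uploaded documents (CVE-2011-4107); hide this import format rather than parse unsafely. */`. If the plugin loader has a way to report an unavailable format, surfacing a message there would be preferable to a silent return.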
@@ -61,6 +68,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
 unset($data);
/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
+/**
 * Load the XML string
 *
 * The option LIBXML_COMPACT is specified because it can
diff --git a/libraries/import/xml.php b/libraries/import/xml.php
index 36af788..0afbd15 100644
--- a/libraries/import/xml.php
+++ b/libraries/import/xml.php
@@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) {
 }
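Review bot: `libxml_disable_entity_loader()` is called with no argument and its return value (the previous setting) is discarded, so nothing restores the loader once the parse below has finished; libraries/import/xml.php receives the same unscoped call in this commit. The flag is libxml process state rather than something tied to this one `simplexml_load_string()` call, so on a persistent SAPI it presumably stays disabled for any other XML handling in the same worker until something flips it back — the safe direction, but an undocumented side effect. Make the protective window explicit: `$prev_loader = libxml_disable_entity_loader(true);` here, and `libxml_disable_entity_loader($prev_loader);` immediately after the load call returns, with the comment stating that the import must never parse with the loader enabled. The load call and its option flags sit outside the hunk; it is worth confirming there that `LIBXML_NOENT` is not passed and considering `LIBXML_NONET` as a second layer.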
/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
+/**
 * The possible scopes for $plugin_param are: 'table', 'database', and 'server'
 */
@@ -54,6 +61,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
 unset($data);
/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
+/**
 * Load the XML string
 *
 * The option LIBXML_COMPACT is specified because it can
@@ -138,19 +150,19 @@ if (isset($namespaces['pma'])) {
 * Get structures for all tables
 */
 $struct = $xml->children($namespaces['pma']);
-
+
 $create = array();
-
+
 foreach ($struct as $tier1 => $val1) {
 foreach($val1 as $tier2 => $val2) {
 /* Need to select the correct database for the creation of tables, views, triggers, etc. */
 /**
- * @todo Generating a USE here blocks importing of a table
- * into another database.
+ * @todo Generating a USE here blocks importing of a table
+ * into another database.
 */
 $attrs = $val2->attributes();
 $create[] = "USE " . PMA_backquote($attrs["name"]);
-
+
 foreach ($val2 as $val3) {
 /**
 * Remove the extra cosmetic spacing
@@ -160,7 +172,7 @@ if (isset($namespaces['pma'])) {
 }
 }
 }
-
+
 $struct_present = true;
 }
@@ -176,13 +188,13 @@ $data_present = false;
 */
 if (@count($xml->children())) {
 $data_present = true;
-
+
 /**
 * Process all database content
 */
 foreach ($xml as $k1 => $v1) {
 $tbl_attr = $v1->attributes();
-
+
 $isInTables = false;
 for ($i = 0; $i < count($tables); ++$i) {
 if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) {
@@ -190,11 +202,11 @@ if (@count($xml->children())) {
 break;
 }
 }
-
+
 if ($isInTables == false) {
 $tables[] = array((string)$tbl_attr['name']);
 }
-
+
 foreach ($v1 as $k2 => $v2) {
 $row_attr = $v2->attributes();
 if (! array_search((string)$row_attr['name'], $tempRow))
@@ -203,17 +215,17 @@ if (@count($xml->children())) {
 }
 $tempCells[] = (string)$v2;
 }
-
+
 $rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells);
-
+
 $tempRow = array();
 $tempCells = array();
 }
-
+
 unset($tempRow);
 unset($tempCells);
 unset($xml);
-
+
 /**
 * Bring accumulated rows into the corresponding table
 */
@@ -224,17 +236,17 @@ if (@count($xml->children())) {
 if (! isset($tables[$i][COL_NAMES])) {
 $tables[$i][] = $rows[$j][COL_NAMES];
 }
-
+
 $tables[$i][ROWS][] = $rows[$j][ROWS];
 }
 }
 }
-
+
 unset($rows);
-
+
 if (! $struct_present) {
 $analyses = array();
-
+
 $len = count($tables);
 for ($i = 0; $i < $len; ++$i) {
 $analyses[] = PMA_analyzeTable($tables[$i]);
@@ -286,7 +298,7 @@ if (strlen($db)) {
 if ($db_name === NULL) {
 $db_name = 'XML_DB';
 }
-
+
 /* Set database collation/charset */
 $options = array(
 'db_collation' => $collation,
hooks/post-receive