The branch, master has been updated via 96dd071a5f2362d5a244656bf4acf240b5b1aac0 (commit) via 29455fe79bc9896129d7004e0242c451f4a32cc8 (commit) via cf5faa1dd1bcae329eddb793765ad2ba3e4471dc (commit) via 077c10020e349e8c1beb46309098992fde616913 (commit) via dac8d6ce256333ff45b5f46270304b8657452740 (commit) via bc45a1048d2f5ca8a532f774ddb1dd80985dff3d (commit) via 1490533d91e9d3820e78ca4eac7981886eaea2cb (commit) via b289fe082441dc739939b0ba15dae0d9dc6cee92 (commit) from 03fd5593823d6999e85792a910d460902f844db3 (commit)
- Log ----------------------------------------------------------------- commit 96dd071a5f2362d5a244656bf4acf240b5b1aac0 Merge: 03fd559 29455fe Author: Marc Delisle marc@infomarc.info Date: Thu Nov 24 16:54:25 2011 -0500
Fix merge conflicts
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 5 +++++ js/db_operations.js | 2 +- libraries/common.lib.php | 5 +---- tbl_indexes.php | 4 ++-- tbl_select.php | 2 +- 5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 2c6e859..062ee96 100644 --- a/ChangeLog +++ b/ChangeLog @@ -81,6 +81,11 @@ phpMyAdmin - ChangeLog - [interface] Avoid showing the password in phpinfo()'s output - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8 - bug #3407235 [interface] Entering the key through a lookup window does not reset NULL +- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18 +- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18 +- [security] Self-XSS on column type (Create index), see PMASA-2011-18 +- [security] Self-XSS on column type (table Search), see PMASA-2011-18 +- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import diff --git a/js/db_operations.js b/js/db_operations.js index 9776cef..bc61679 100644 --- a/js/db_operations.js +++ b/js/db_operations.js @@ -32,7 +32,7 @@ $(document).ready(function() {
var $form = $(this);
- var question = 'CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db; + var question = escapeHtml('CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db);
PMA_prepareForAjaxRequest($form); /** diff --git a/libraries/common.lib.php b/libraries/common.lib.php index bb5c6e1..767e284 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -1066,13 +1066,10 @@ function PMA_showMessage($message, $sql_query = null, $type = 'notice', $is_view } else { // Parse SQL if needed $parsed_sql = PMA_SQP_parse($query_base); - if (PMA_SQP_isError()) { - unset($parsed_sql); - } }
// Analyze it - if (isset($parsed_sql)) { + if (isset($parsed_sql) && ! PMA_SQP_isError()) { $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
// Same as below (append LIMIT), append the remembered ORDER BY diff --git a/tbl_indexes.php b/tbl_indexes.php index 195568b..bcdc59c 100644 --- a/tbl_indexes.php +++ b/tbl_indexes.php @@ -233,7 +233,7 @@ foreach ($index->getColumns() as $column) { ) { echo '<option value="' . htmlspecialchars($field_name) . '"' . (($field_name == $column->getName()) ? ' selected="selected"' : '') . '>' - . htmlspecialchars($field_name) . ' [' . $field_type . ']' + . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']' . '</option>' . "\n"; } } // end foreach $fields @@ -256,7 +256,7 @@ for ($i = 0; $i < $add_fields; $i++) { <?php foreach ($fields as $field_name => $field_type) { echo '<option value="' . htmlspecialchars($field_name) . '">' - . htmlspecialchars($field_name) . ' [' . $field_type . ']' + . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']' . '</option>' . "\n"; } // end foreach $fields ?> diff --git a/tbl_select.php b/tbl_select.php index 7103814..c888291 100644 --- a/tbl_select.php +++ b/tbl_select.php @@ -113,7 +113,7 @@ echo PMA_generate_html_tabs(PMA_tbl_getSubTabs(), $url_params, '', 'topmenu2'); } ?> <th><?php echo htmlspecialchars($fields_list[$i]); ?></th> - <td><?php echo $fields_type[$i]; ?></td> + <td><?php echo htmlspecialchars($fields_type[$i]); ?></td> <td><?php echo $fields_collation[$i]; ?></td> <td><select name="func[]"> <?php
hooks/post-receive