The branch, QA_3_3 has been updated via 1d60fb6da9bc9488c897f57efca21cb683ca8b8a (commit) via b8be5ebe2f98354eb7273e12a32f450daaa1479f (commit) via ab31a2565f494c69e6b0d9a82a2932c7656592b5 (commit) via 5ee357a572866e730d83f56d6187a67c7c48e523 (commit) via 911a83393e5b7064084fd140889d0fb2f3166b99 (commit) via ca74f480f119a53ef07ca40d2ab28f063cc89ec9 (commit) via 2e01647949df937040e73a94ce0bac0daecbdcf4 (commit) via 6e6e129f26295c83d67b74e202628a4b8bc49e54 (commit) via 6eae88e65f39347e480cf67008f3d98f19f47248 (commit) from 1ec75facafab7fc88e486a20222c07c88730a925 (commit)
- Log ----------------------------------------------------------------- commit 1d60fb6da9bc9488c897f57efca21cb683ca8b8a Author: Marc Delisle marc@infomarc.info Date: Sat Jul 2 20:45:06 2011 -0400
3.3.10.2 release
commit b8be5ebe2f98354eb7273e12a32f450daaa1479f Merge: 1ec75facafab7fc88e486a20222c07c88730a925 ab31a2565f494c69e6b0d9a82a2932c7656592b5 Author: Marc Delisle marc@infomarc.info Date: Sat Jul 2 20:42:04 2011 -0400
Merge branch 'MAINT_3_3_10' into QA_3_3
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 7 +++++++ libraries/auth/swekey/swekey.auth.lib.php | 5 ++--- libraries/display_tbl.lib.php | 2 +- libraries/server_synchronize.lib.php | 2 +- setup/lib/ConfigFile.class.php | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 920123b..0aa00f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,13 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
3.3.11.0 (not yet released)
+3.3.10.2 (2011-07-02)
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
+- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
+- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
+- [security] Fixed filtering of a file path, which allowed for directory travers
+al, see PMASA-2011-8
+
3.3.10.1 (2011-05-20)
- [security] XSS on Tracking page
diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index 3dbad75..2a790c4 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
}
}
-if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
+if (!empty($_GET['session_to_unset']))
{
- parse_str($_SERVER['QUERY_STRING']);
session_write_close();
- session_id($session_to_unset);
+ session_id($_GET['session_to_unset']);
session_start();
$_SESSION = array();
session_write_close();
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 7ef333d..186ce3e 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -1220,7 +1220,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql)
{
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
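Review bot: `session_id($_GET['session_to_unset'])` still hands an unvalidated request value straight to the session layer; the parse_str() variable overwrite is gone, but any visitor who can name a session id still gets that session opened and emptied by the `$_SESSION = array(); session_write_close();` that follows, and a save handler that does not validate key characters would receive arbitrary bytes as the id. Check the format before switching sessions, e.g. `if (!empty($_GET['session_to_unset']) && preg_match('/^[a-zA-Z0-9,-]+$/', $_GET['session_to_unset']))`, and consider whether this clearing should require the caller to hold the session being unset rather than merely know its id. Whether the id is guessable in practice depends on how it is generated and exposed to the client, which is outside this hunk, as is whatever the file does after the final session_write_close().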
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
- $include_file = $GLOBALS['mime_map'][$meta->name]['transformation'];
+ $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
if (file_exists('./libraries/transformations/' . $include_file)) {
$transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index 79948b9..646ef25 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -624,7 +624,7 @@ function PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, &$uncomm
$Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link);
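Review bot: Only `$include_file` goes through PMA_securePath(); the `$transformfunction_name` on the last context line is still derived from the raw `$GLOBALS['mime_map'][$meta->name]['transformation']`, so when the sanitiser alters the value the function name no longer corresponds to the file whose existence was just checked. Derive both from the same sanitised value, `$transformfunction_name = str_replace('.inc.php', '', $include_file);`. What PMA_securePath() strips, and where the file is actually included and the function called, are outside this hunk; PMA_displayTableBody continues on both sides of it.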
// Replace the src table name with a `dbname`.`tablename`
- $Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/',
+ $Create_Table_Query = preg_replace('/' . preg_quote(PMA_backquote($uncommon_tables[$table_index]), '/') . '/',
PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]),
$Create_Query,
$limit = 1
diff --git a/setup/lib/ConfigFile.class.php b/setup/lib/ConfigFile.class.php
index c0ff63d..978eba3 100644
--- a/setup/lib/ConfigFile.class.php
+++ b/setup/lib/ConfigFile.class.php
@@ -286,7 +286,7 @@ class ConfigFile
if ($this->getServerCount() > 0) {
$ret .= "/* Servers configuration */$crlf$i = 0;" . $crlf . $crlf;
foreach ($c['Servers'] as $id => $server) {
- $ret .= '/* Server: ' . strtr($this->getServerName($id), '*/', '-') . " [$id] */" . $crlf
+ $ret .= '/* Server: ' . strtr($this->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
. '$i++;' . $crlf;
foreach ($server as $k => $v) {
$k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
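Review bot: The pattern is now quoted, but the replacement argument on the next context line is still passed to preg_replace() unescaped, and preg_replace() interprets `$n`/`\n` back-references and backslashes in its replacement string, so a target database or table name containing `$` or `\` would be rewritten incorrectly. Since the pattern is now a literal match with limit 1, either escape the replacement, `addcslashes(PMA_backquote($trg_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), '\\$')`, or drop the regex and replace the first occurrence with strpos()/substr_replace(). The `$limit = 1` assignment-in-argument is also worth turning into a plain `1`. PMA_createTargetTables continues on both sides of the hunk.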
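Review bot: `strtr($s, '*/', '-')` with string arguments is a character map, and because the from-list is one character longer than the to-list the extra `/` is ignored: only `*` becomes `-`, `/` is left untouched. That still prevents a premature `*/` in the generated comment, since no `*` survives, but the line reads as though both characters were replaced; `strtr($this->getServerName($id) . " [$id] ", array('*/' => '-'))` says what is meant and is equally safe. The enclosing method of ConfigFile continues outside the hunk on both sides.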