The branch, master has been updated via 79df74937cd20a400837b76f264eef4a4f2fe245 (commit) via 1fa702b45c1d7cadf00fbcd4762f9368517fac09 (commit) via bfdf28e24c6b5b92451e3d9f71e9984eadf6c58c (commit) from 4d15c3d1205895b7eccfbcc79a0760c15c71724a (commit)
- Log ----------------------------------------------------------------- commit 79df74937cd20a400837b76f264eef4a4f2fe245 Merge: 1fa702b45c1d7cadf00fbcd4762f9368517fac09 4d15c3d1205895b7eccfbcc79a0760c15c71724a Author: Marc Delisle marc@infomarc.info Date: Mon Aug 8 08:27:28 2011 -0400
Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/phpmyadmin
commit 1fa702b45c1d7cadf00fbcd4762f9368517fac09 Author: Marc Delisle marc@infomarc.info Date: Mon Aug 8 08:27:10 2011 -0400
Coding style
commit bfdf28e24c6b5b92451e3d9f71e9984eadf6c58c Author: Tyron Madlener tyronx@gmail.com Date: Mon Aug 8 08:25:20 2011 -0400
Workaround too small value of suhosin.get.max_value_length
-----------------------------------------------------------------------
Summary of changes: libraries/common.lib.php | 49 +++++++++++++++++++++++++++++++++------------ 1 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 5de802b..c3a9d69 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1702,8 +1702,23 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
 if (stristr($message, '<img') && (!$strip_img || $GLOBALS['cfg']['PropertiesIconic'] === true) && strip_tags($message)==$message) {
 $displayed_message = '<span>' . htmlspecialchars(preg_replace('/^.*\salt="([^"]*)".*$/si', '\1', $message)) . '</span>';
 }
-
+
+ // Suhosin: Check that each query parameter is not above maximum
+ $in_suhosin_limits = true;
 if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) {
+ if ($suhosin_get_MaxValueLength = ini_get('suhosin.get.max_value_length')) {
+ $query_parts = PMA_splitURLQuery($url);
+ foreach($query_parts as $query_pair) {
+ list($eachvar, $eachval) = explode('=', $query_pair);
+ if(strlen($eachval) > $suhosin_get_MaxValueLength) {
+ $in_suhosin_limits = false;
+ break;
+ }
+ }
+ }
+ }
+
+ if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit'] && $in_suhosin_limits) {
 // no whitespace within an <a> else Safari will make it part of the link
 $ret = "\n" . '<a href="' . $url . '" ' . implode(' ', $tag_params_strings) . '>'
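Review bot: The split `list($eachvar, $eachval) = explode('=', $query_pair);` in the new Suhosin loop leaves `$eachval` unset for a query part with no `=` (or for the empty query that PMA_splitURLQuery returns when the URL has none), which raises an undefined-offset notice, and a value containing a literal `=` is truncated at that character so its length is under-counted; `list($eachvar, $eachval) = array_pad(explode('=', $query_pair, 2), 2, '');` handles both. The length is compared on the still URL-encoded value; if Suhosin applies its limit to the decoded value this is only conservative (it can force a form where a link would have passed), which seems acceptable but is worth a comment such as `// compares the encoded length, which can only over-estimate`. Minor style point: `foreach(` and `if(` lack the space used on the surrounding `if (` lines. PMA_linkOrButton starts and ends outside this hunk.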
@@ -1717,20 +1732,12 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
 if (empty($tag_params['class'])) {
 $tag_params['class'] = 'link';
 }
-
- // decode encoded url separators
- $separator = PMA_get_arg_separator();
- // on most places separator is still hard coded ...
- if ($separator !== '&') {
- // ... so always replace & with $separator
- $url = str_replace(htmlentities('&'), $separator, $url);
- $url = str_replace('&', $separator, $url);
+
+ if (! isset($query_parts)) {
+ $query_parts = PMA_splitURLQuery($url);
 }
- $url = str_replace(htmlentities($separator), $separator, $url);
- // end decode
- $url_parts = parse_url($url);
- $query_parts = explode($separator, $url_parts['query']);
+
 if ($new_form) {
 $ret = '<form action="' . $url_parts['path'] . '" class="link"' . ' method="post"' . $target . ' style="display: inline;">';
@@ -1768,6 +1775,22 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
 } // end of the 'PMA_linkOrButton()' function
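Review bot: The form branch still reads `$url_parts['path']` for the `action` attribute, but this hunk removes the only visible assignment `$url_parts = parse_url($url);` and the new PMA_splitURLQuery call keeps its parse_url result local, so unless `$url_parts` is set earlier in the function (outside this hunk) the form is emitted with an empty action and an undefined-variable notice. Re-adding `$url_parts = parse_url($url);` right after the `if (! isset($query_parts)) { ... }` block restores it. Note also that `$query_parts` is reused from the Suhosin check only when that check ran, so the isset() test is the right guard; a one-line comment such as `// reuse the split done for the Suhosin check when available` would make that dependency explicit. The enclosing function starts before this hunk.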
+function PMA_splitURLQuery($url) {
+ // decode encoded url separators
+ $separator = PMA_get_arg_separator();
+ // on most places separator is still hard coded ...
+ if ($separator !== '&') {
+ // ... so always replace & with $separator
+ $url = str_replace(htmlentities('&'), $separator, $url);
+ $url = str_replace('&', $separator, $url);
+ }
+ $url = str_replace(htmlentities($separator), $separator, $url);
+ // end decode
+
+ $url_parts = parse_url($url);
+ return explode($separator, $url_parts['query']);
+}
+
 /**
 * Returns a given timespan value in a readable format.
 *
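Review bot: The new PMA_splitURLQuery has no docblock, while the neighbouring function right below it carries the file's usual `/** ... */` header; it should get one stating that it normalises `&amp;`/entity-encoded separators to the configured argument separator, splits the query string on it, and returns the raw `name=value` pairs still URL-encoded (no urldecode is performed), with `@param string $url` and `@return array`. The last line also indexes `$url_parts['query']` unconditionally, so a URL without a query string raises a notice and the function returns `array('')` rather than an empty list; `return isset($url_parts['query']) ? explode($separator, $url_parts['query']) : array();` avoids that, provided callers iterating the result are fine with an empty array.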