The branch, MAINT_3_4_7 has been updated via 1b8f5a5c098905997a3072170d773a073331f7f6 (commit) via 05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 (commit) via 4dd5c0d0dc413d2cb2cfcb31f8d4aec0c753033c (commit) via 063e6f92929c3aed3641cf79add4128c7e972d2f (commit) via 34d99de000de9d15cfdf5e9cc8b7682d51110bbd (commit) via a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 (commit) from 987f943de33a0d0aa6ac3e3c352d48ac4a527a6d (commit)
- Log ----------------------------------------------------------------- -----------------------------------------------------------------------
Summary of changes: ChangeLog | 3 ++ Documentation.html | 3 ++ libraries/import/ods.php | 12 +++++++++++ libraries/import/xml.php | 50 ++++++++++++++++++++++++++++----------------- 4 files changed, 49 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1e06756..0ccfc21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ======================
+3.4.7.1 (not yet released)
+- [security] Fixed possible local file inclusion in XML import (CVE-2011-4107).
+ 3.4.7.0 (2011-10-23) - bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false - bug #3418849 [interface] Inline edit shows dropdowns even after closing
diff --git a/Documentation.html b/Documentation.html
index 834215c..d376f73 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <li>To support BLOB streaming, see PHP and MySQL requirements in <a href="#faq6_25"> <abbr title="Frequently Asked Questions">FAQ</abbr> 6.25</a>.</li>
+ <li>To support XML and Open Document Spreadsheet importing,
+ you need PHP 5.2.17 or newer and the
+ <a href="http://www.php.net/libxml"><tt>libxml</tt></a> extension.</li> </ul> </li> <li><b>MySQL</b> 5.0 or newer (<a href="#faq1_17">details</a>);</li>
diff --git a/libraries/import/ods.php b/libraries/import/ods.php
index 4bf5200..9016016 100644
--- a/libraries/import/ods.php
+++ b/libraries/import/ods.php
@@ -14,6 +14,13 @@ if (! defined('PHPMYADMIN')) { }
/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
+/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */
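Review bot: The guard `if (!function_exists('libxml_disable_entity_loader')) { return; }` fails closed but silently: if this file is also the one included to carry out an import, a PHP build without that function returns from the plugin before the parser runs and the user gets no indication why nothing was imported. Reporting the missing libxml support through the import's usual error path (which lies outside this hunk) would make that failure diagnosable, and the same applies to the identical guard added in libraries/import/xml.php below. The new doc comment also reads oddly; `* We need a way to disable external XML entity processing; bail out if this PHP build cannot do it.` says the same thing clearly. The rest of the plugin file, including the `$plugin_param` scope handling, is outside the hunk.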
@@ -64,6 +71,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data);
/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
+/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can
diff --git a/libraries/import/xml.php b/libraries/import/xml.php
index 640aac8..ce20fe7 100644
--- a/libraries/import/xml.php
+++ b/libraries/import/xml.php
@@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) { }
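Review bot: `libxml_disable_entity_loader()` is called without an argument and its previous state is never restored, so the change leaves the entity loader disabled for the remainder of the request, which can break any later libxml consumer in the same request that legitimately resolves external entities. Capture and restore the old value around the parse: `$prev_entity_loader = libxml_disable_entity_loader(true);` before the load and `libxml_disable_entity_loader($prev_entity_loader);` once the document has been parsed; passing `true` explicitly also makes the intent obvious to the next reader. The load call itself is outside the hunk, so the restore point cannot be placed here, and the same applies to the identical hunk in libraries/import/xml.php. It is also worth stating the reason in the comment, e.g. `* Disable loading of external XML entities so that a crafted import file cannot make the parser read local files (CVE-2011-4107).`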
/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
+/** * The possible scopes for $plugin_param are: 'table', 'database', and 'server' */
@@ -57,6 +64,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) { unset($data);
/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
+/** * Load the XML string * * The option LIBXML_COMPACT is specified because it can
@@ -141,19 +153,19 @@ if (isset($namespaces['pma'])) { * Get structures for all tables */ $struct = $xml->children($namespaces['pma']); - + $create = array(); - + foreach ($struct as $tier1 => $val1) { foreach($val1 as $tier2 => $val2) { /* Need to select the correct database for the creation of tables, views, triggers, etc. */ /** - * @todo Generating a USE here blocks importing of a table - * into another database. + * @todo Generating a USE here blocks importing of a table + * into another database. */ $attrs = $val2->attributes(); $create[] = "USE " . PMA_backquote($attrs["name"]); - + foreach ($val2 as $val3) { /** * Remove the extra cosmetic spacing
@@ -163,7 +175,7 @@ if (isset($namespaces['pma'])) { } } } - + $struct_present = true; }
@@ -179,13 +191,13 @@ $data_present = false; */ if (@count($xml->children())) { $data_present = true; - + /** * Process all database content */ foreach ($xml as $k1 => $v1) { $tbl_attr = $v1->attributes(); - + $isInTables = false; for ($i = 0; $i < count($tables); ++$i) { if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) {
@@ -193,11 +205,11 @@ if (@count($xml->children())) { break; } } - + if ($isInTables == false) { $tables[] = array((string)$tbl_attr['name']); } - + foreach ($v1 as $k2 => $v2) { $row_attr = $v2->attributes(); if (! array_search((string)$row_attr['name'], $tempRow))
@@ -206,17 +218,17 @@ if (@count($xml->children())) { } $tempCells[] = (string)$v2; } - + $rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells); - + $tempRow = array(); $tempCells = array(); } - + unset($tempRow); unset($tempCells); unset($xml); - + /** * Bring accumulated rows into the corresponding table */
@@ -227,17 +239,17 @@ if (@count($xml->children())) { if (! isset($tables[$i][COL_NAMES])) { $tables[$i][] = $rows[$j][COL_NAMES]; } - + $tables[$i][ROWS][] = $rows[$j][ROWS]; } } } - + unset($rows); - + if (! $struct_present) { $analyses = array(); - + $len = count($tables); for ($i = 0; $i < $len; ++$i) { $analyses[] = PMA_analyzeTable($tables[$i]);
@@ -289,7 +301,7 @@ if (strlen($db)) { if ($db_name === NULL) { $db_name = 'XML_DB'; } - + /* Set database collation/charset */ $options = array( 'db_collation' => $collation,