The branch, QA_3_4 has been updated via cf5faa1dd1bcae329eddb793765ad2ba3e4471dc (commit) via 077c10020e349e8c1beb46309098992fde616913 (commit) via dac8d6ce256333ff45b5f46270304b8657452740 (commit) via bc45a1048d2f5ca8a532f774ddb1dd80985dff3d (commit) via 1490533d91e9d3820e78ca4eac7981886eaea2cb (commit) via b289fe082441dc739939b0ba15dae0d9dc6cee92 (commit) from f414a0ec32626c3f0084bd020daba2b4553d244b (commit)
- Log ----------------------------------------------------------------- commit cf5faa1dd1bcae329eddb793765ad2ba3e4471dc Merge: f414a0e 077c100 Author: Marc Delisle marc@infomarc.info Date: Thu Nov 24 12:26:31 2011 -0500
Fix merge conflicts
commit 077c10020e349e8c1beb46309098992fde616913 Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: Tue Nov 22 21:59:19 2011 +0100
[security] Self-XSS on invalid query (table overview), see PMASA-2011-18
commit dac8d6ce256333ff45b5f46270304b8657452740 Author: Marc Delisle marc@infomarc.info Date: Tue Nov 22 12:46:46 2011 -0500
[security] Self-XSS on column type (table Search), see PMASA-2011-18
commit bc45a1048d2f5ca8a532f774ddb1dd80985dff3d Author: Rouslan Placella rouslan@placella.com Date: Tue Nov 22 12:38:22 2011 -0500
[security] Self-XSS on column type (Create index), see PMASA-2011-18
commit 1490533d91e9d3820e78ca4eac7981886eaea2cb Author: Marc Delisle marc@infomarc.info Date: Mon Nov 21 18:08:49 2011 -0500
[security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
commit b289fe082441dc739939b0ba15dae0d9dc6cee92 Author: Marc Delisle marc@infomarc.info Date: Mon Nov 21 17:53:10 2011 -0500
[security] Self-XSS on database names (Synchronize), see PMASA-2011-18
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 5 +++++ js/db_operations.js | 2 +- libraries/common.lib.php | 5 +---- libraries/server_synchronize.lib.php | 4 ++-- tbl_indexes.php | 4 ++-- tbl_select.php | 4 ++-- 6 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 36a9e0a..7c40e9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,11 @@ phpMyAdmin - ChangeLog
 - [interface] Avoid showing the password in phpinfo()'s output
 - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
 - bug #3407235 [interface] Entering the key through a lookup window does not reset NULL
+- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
+- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
+- [security] Self-XSS on column type (Create index), see PMASA-2011-18
+- [security] Self-XSS on column type (table Search), see PMASA-2011-18
+- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import
diff --git a/js/db_operations.js b/js/db_operations.js
index b053694..ad39635 100644
--- a/js/db_operations.js
+++ b/js/db_operations.js
@@ -32,7 +32,7 @@ $(document).ready(function() {
var $form = $(this);
- var question = 'CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db;
+ var question = escapeHtml('CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db);
PMA_prepareForAjaxRequest($form);
 /**
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index ad38266..caeeee2 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1059,13 +1059,10 @@ function PMA_showMessage($message, $sql_query = null, $type = 'notice', $is_view
 } else {
 // Parse SQL if needed
 $parsed_sql = PMA_SQP_parse($query_base);
- if (PMA_SQP_isError()) {
- unset($parsed_sql);
- }
 }
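Review bot: The added line runs the whole assembled question through escapeHtml, which blurs which parts are untrusted — `$('#new_db_name').val()` and `window.parent.db` — and makes the fix depend on the question later being inserted as HTML; if it is ever shown through a plain-text API such as `confirm()`, the entities would appear literally. Escaping each value where it is read keeps the concern visible: `var question = 'CREATE DATABASE ' + escapeHtml($('#new_db_name').val()) + ' / DROP DATABASE ' + escapeHtml(window.parent.db);`. Where the question is rendered, and the rest of this submit handler, are outside the hunk; escapeHtml's definition is not in this diff either, so presumably it comes from a shared script already loaded on the page.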
// Analyze it
- if (isset($parsed_sql)) {
+ if (isset($parsed_sql) && ! PMA_SQP_isError()) {
 $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
 // Here we append the LIMIT added for navigation, to
 // enable its display. Adding it higher in the code
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index c1b9159..53ad9d7 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -1335,7 +1335,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
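Review bot: After this change `$parsed_sql` stays set when PMA_SQP_parse() reported an error, whereas the removed lines used to unset it, so any code further down PMA_showMessage() that only tests `isset($parsed_sql)` now receives the error-state parse result; the added `&& ! PMA_SQP_isError()` guards only the PMA_SQP_analyze() call visible in this hunk. A comment on the kept assignment would make the new contract explicit: `// $parsed_sql is left set on a parse error; consumers must also check PMA_SQP_isError()`. PMA_SQP_isError() appears to read parser state left by the last PMA_SQP_parse() call, so it must be consulted before any other parse happens in between. PMA_showMessage() begins and ends outside the hunk.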
echo '<table id="serverstatusconnections" class="data" width="55%">';
 echo '<tr>';
- echo '<th>' . __('Source database') . ': ' . $src_db . '<br />(';
+ echo '<th>' . __('Source database') . ': ' . htmlspecialchars($src_db) . '<br />(';
 if ('cur' == $_SESSION['src_type']) {
 echo __('Current server');
 } else {
@@ -1358,7 +1358,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
 function PMA_syncDisplayHeaderTargetAndMatchingTables($trg_db, $matching_tables) {
 echo '<table id="serverstatusconnections" class="data" width="43%">';
 echo '<tr>';
- echo '<th>' . __('Target database') . ': '. $trg_db . '<br />(';
+ echo '<th>' . __('Target database') . ': '. htmlspecialchars($trg_db) . '<br />(';
 if ('cur' == $_SESSION['trg_type']) {
 echo __('Current server');
 } else {
diff --git a/tbl_indexes.php b/tbl_indexes.php
index 54923a0..ac32387 100644
--- a/tbl_indexes.php
+++ b/tbl_indexes.php
@@ -200,7 +200,7 @@ foreach ($index->getColumns() as $column) {
 || preg_match('/(char|text)/i', $field_type)) {
 echo '<option value="' . htmlspecialchars($field_name) . '"'
 . (($field_name == $column->getName()) ? ' selected="selected"' : '') . '>'
- . htmlspecialchars($field_name) . ' [' . $field_type . ']'
+ . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
 . '</option>' . "\n";
 }
 } // end foreach $fields
@@ -222,7 +222,7 @@ for ($i = 0; $i < $add_fields; $i++) {
 <?php
 foreach ($fields as $field_name => $field_type) {
 echo '<option value="' . htmlspecialchars($field_name) . '">'
- . htmlspecialchars($field_name) . ' [' . $field_type . ']'
+ . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
 . '</option>' . "\n";
 } // end foreach $fields
 ?>
diff --git a/tbl_select.php b/tbl_select.php
index 2cb0086..8414222 100644
--- a/tbl_select.php
+++ b/tbl_select.php 
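Review bot: The `else` branch immediately after the escaped header line, in both PMA_syncDisplayHeaderSource() and PMA_syncDisplayHeaderTargetAndMatchingTables() (second hunk of this file), prints something for the non-current-server case that lies outside the hunk; if it echoes a host name or other connection detail taken from the synchronize form, it needs the same htmlspecialchars() treatment the database name now gets. A short comment on the escaped echo, `// database names come from the form: escape for HTML text context`, would flag the pattern for the other outputs in these functions. Both functions continue past their hunks.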
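Review bot: The option label `htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'` is now duplicated verbatim between this hunk and the one at line 222, and in the first hunk $field_name is escaped twice inside one echo (once for the value attribute, once for the visible text), which is correct but easy to break on the next edit. Building the label once per iteration, `$label = htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']';`, keeps the escaping in one place for both loops. The preg_match() on the raw $field_type just above the change is right to stay unescaped: matching must run on the original value and escaping belongs only at the output point. Both enclosing foreach loops start outside their hunks.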
@@ -124,7 +124,7 @@ if (!isset($param) || $param[0] == '') {
 ?>
 <tr class="noclick <?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
 <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
- <td><?php echo $fields_type[$i]; ?></td>
+ <td><?php echo htmlspecialchars($fields_type[$i]); ?></td>
 <td><?php echo $fields_collation[$i]; ?></td>
 <td><select name="func[]">
 <?php
@@ -190,7 +190,7 @@ if (!isset($param) || $param[0] == '') {
 <?php
 } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
 // e n u m s
- $enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
+ $enum_value=explode(', ', str_replace("'", '', substr(htmlspecialchars($fields_type[$i]), 5, -1)));
 $cnt_enum_value = count($enum_value);
 echo ' <select name="fields[' . $i . '][]"'
 .' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";
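Review bot: The context line right after the fixed cell still echoes `$fields_collation[$i]` unescaped into the same table row whose `$fields_type[$i]` cell is now escaped; both arrays are filled from the same column-metadata lookup, so the collation cell should be treated the same way: `<td><?php echo htmlspecialchars($fields_collation[$i]); ?></td>`. Collation names are normally plain identifiers, but escaping at the output point costs nothing and keeps the row consistent. The loop that emits these rows starts and ends outside the hunk.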
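Review bot: In the second hunk htmlspecialchars() is applied to the whole type string before substr()/explode() parse it, so the parser now works on escaped text and every $enum_value entry carries HTML entities; that is only right if the option loop below (outside the hunk) echoes the entries without escaping them again — otherwise they double-encode — and any comparison of an entry with a submitted value, also outside the hunk, would compare an escaped string against a raw one. Parsing the raw value and escaping at the echo site avoids both: `$enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));` with `htmlspecialchars($enum_value[$j])` where each option is printed. The fixed `substr(..., 5, -1)` offsets are unaffected because `enum(` and `)` contain nothing htmlspecialchars() rewrites, but splitting on `', '` is pre-existing and fragile for enum values that themselves contain a comma.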