The branch, MAINT_3_3_10 has been updated via bd92c092cd422667097e98a3cd8ebc0140338244 (commit) via 6aefed1fbc9271afb43ebc72675420a93472f313 (commit) via a5716cb3892f1714a97d8808cde9229ccc8752c8 (commit) via ae20845e36e0e019715842c71eed9e4a9ff99223 (commit) via e11e55cb0689b4a6de5f0d996166668a47f96da9 (commit) via 9d54e57fc8946db9b04666a93541871c80867fe7 (commit) via c78da1582799f35c8f12ca930062ea987a350282 (commit) via a6c8a8fe8ac03f4f36e5aaa7f7fb3bf0e11654f8 (commit) from 3e95b08ceddaad36a3633920d7b0bcf85ce2f565 (commit)
- Log ----------------------------------------------------------------- commit bd92c092cd422667097e98a3cd8ebc0140338244 Author: Marc Delisle marc@infomarc.info Date: Wed Aug 24 12:16:07 2011 -0400
3.3.10.4 release
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 3 ++ Documentation.html | 4 +- README | 2 +- libraries/Config.class.php | 2 +- tbl_tracking.php | 72 +++++++++++++++++++++++-------------------- transformation_wrapper.php | 2 +- translators.html | 4 +- 7 files changed, 48 insertions(+), 41 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 54ef4ec..ddc085d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/C... $
+3.3.10.4 (2011-08-24)
+- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
+ 3.3.10.3 (2011-07-23) - [security] Fixed XSS vulnerability, see PMASA-2011-9 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
diff --git a/Documentation.html b/Documentation.html
index f92b46b..7ee8e50 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>phpMyAdmin 3.3.10.3 - Documentation</title>
+ <title>phpMyAdmin 3.3.10.4 - Documentation</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
<div id="header">
<h1>
<a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
- 3.3.10.3
+ 3.3.10.4
Documentation
</h1>
</div>
diff --git a/README b/README
index f5967ed..4d2bcbd 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ phpMyAdmin - Readme
A set of PHP-scripts to manage MySQL over the web.
- Version 3.3.10.3 + Version 3.3.10.4 ---------------- http://www.phpmyadmin.net/
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 68b9663..0ace890 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -92,7 +92,7 @@ class PMA_Config
*/
function checkSystem()
{
- $this->set('PMA_VERSION', '3.3.10.3');
+ $this->set('PMA_VERSION', '3.3.10.4');
/**
* @deprecated
*/
diff --git a/tbl_tracking.php b/tbl_tracking.php
index b3ac4f3..ab5bd31 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -288,17 +288,17 @@ if (isset($_REQUEST['snapshot'])) {
<tr class="<?php echo $style; ?>">
<?php
if ($field['Key'] == 'PRI') {
- echo '<td><b><u>' . $field['Field'] . '</u></b></td>' . "\n";
+ echo '<td><b><u>' . htmlspecialchars($field['Field']) . '</u></b></td>' . "\n";
} else {
- echo '<td><b>' . $field['Field'] . '</b></td>' . "\n";
+ echo '<td><b>' . htmlspecialchars($field['Field']) . '</b></td>' . "\n";
}
?>
- <td><?php echo $field['Type'];?></td>
- <td><?php echo $field['Collation'];?></td>
- <td><?php echo $field['Null'];?></td>
- <td><?php echo $field['Default'];?></td>
- <td><?php echo $field['Extra'];?></td>
- <td><?php echo $field['Comment'];?></td>
+ <td><?php echo htmlspecialchars($field['Type']);?></td>
+ <td><?php echo htmlspecialchars($field['Collation']);?></td>
+ <td><?php echo htmlspecialchars($field['Null']);?></td>
+ <td><?php echo htmlspecialchars($field['Default']);?></td>
+ <td><?php echo htmlspecialchars($field['Extra']);?></td>
+ <td><?php echo htmlspecialchars($field['Comment']);?></td>
</tr>
<?php
if ($style == 'even') {
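Review bot: The escaping is applied cell by cell — six near-identical `htmlspecialchars()` lines here and another seven in the index table at @@ -344 — which is exactly how the unescaped columns were missed in the first place; escaping the whole row once before it is rendered, e.g. `$field = array_map('htmlspecialchars', $field);` at the top of the loop body (and the same for `$index`), covers every column including any added later. The calls rely on PHP's default flag set, which is adequate for `<td>` content because `<`, `>`, `&` and `"` are all encoded. The loop that produces `$field` starts before this hunk, so where the snapshot data comes from is not visible here.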
@@ -344,15 +344,15 @@ if (isset($_REQUEST['snapshot'])) {
}
?>
<tr class="<?php echo $style; ?>">
- <td><b><?php echo $index['Key_name'];?></b></td>
- <td><?php echo $index['Index_type'];?></td>
+ <td><b><?php echo htmlspecialchars($index['Key_name']);?></b></td>
+ <td><?php echo htmlspecialchars($index['Index_type']);?></td>
<td><?php echo $str_unique;?></td>
<td><?php echo $str_packed;?></td>
- <td><?php echo $index['Column_name'];?></td>
- <td><?php echo $index['Cardinality'];?></td>
- <td><?php echo $index['Collation'];?></td>
- <td><?php echo $index['Null'];?></td>
- <td><?php echo $index['Comment'];?></td>
+ <td><?php echo htmlspecialchars($index['Column_name']);?></td>
+ <td><?php echo htmlspecialchars($index['Cardinality']);?></td>
+ <td><?php echo htmlspecialchars($index['Collation']);?></td>
+ <td><?php echo htmlspecialchars($index['Null']);?></td>
+ <td><?php echo htmlspecialchars($index['Comment']);?></td>
</tr>
<?php
if ($style == 'even') {
@@ -379,10 +379,10 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
?>
<h3><?php echo $strTrackingReport;?> [<a href="tbl_tracking.php?<?php echo $url_query;?>"><?php echo $strTrackingReportClose;?></a>]</h3>
- <small><?php echo $strTrackingStatements . ' ' . $data['tracking']; ?></small><br/>
+ <small><?php echo $strTrackingStatements . ' ' . htmlspecialchars($data['tracking']); ?></small><br/>
<br/>
- <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&report=true&version=<?php echo $_REQUEST['version'];?>">
+ <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
<?php
$str1 = '<select name="logtype">' .
@@ -390,9 +390,9 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
'<option value="data"' . ($selection_data ? ' selected="selected"' : ''). '>' . $strDataOnly . '</option>' .
'<option value="schema_and_data"' . ($selection_both ? ' selected="selected"' : '') . '>' . $strStrucData . '</option>' .
'</select>';
- $str2 = '<input type="text" name="date_from" value="' . $_REQUEST['date_from'] . '" size="19" />';
- $str3 = '<input type="text" name="date_to" value="' . $_REQUEST['date_to'] . '" size="19" />';
- $str4 = '<input type="text" name="users" value="' . $_REQUEST['users'] . '" />';
+ $str2 = '<input type="text" name="date_from" value="' . htmlspecialchars($_REQUEST['date_from']) . '" size="19" />';
+ $str3 = '<input type="text" name="date_to" value="' . htmlspecialchars($_REQUEST['date_to']) . '" size="19" />';
+ $str4 = '<input type="text" name="users" value="' . htmlspecialchars($_REQUEST['users']) . '" />';
$str5 = '<input type="submit" name="list_report" value="' . $strGo . '" />';
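Review bot: `$url_params + array('report' => 'true', 'version' => $_REQUEST['version'])` uses array union, which keeps the left-hand key on a collision, so if `$url_params` (assembled before the hunk) ever already carries a `version` or `report` entry the explicit value is silently dropped; `array_merge($url_params, array(...))`, or the union written as `array(...) + $url_params`, makes the override unambiguous. The same construct recurs in @@ -500, @@ -513 and @@ -618. The fix also depends on `PMA_generate_common_url()` both URL-encoding the `version` value and escaping the result for the `action` attribute; that function is not visible in this diff, so it is worth confirming it does both rather than only emitting `&amp;` separators. The `if` block enclosing this form starts before the hunk.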
printf($strTrackingShowLogDateUsers, $str1, $str2, $str3, $str4, $str5);
@@ -429,8 +429,8 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
?>
<tr class="<?php echo $style; ?>">
<td><small><?php echo $i;?></small></td>
- <td><small><?php echo $entry['date'];?></small></td>
- <td><small><?php echo $entry['username']; ?></small></td>
+ <td><small><?php echo htmlspecialchars($entry['date']);?></small></td>
+ <td><small><?php echo htmlspecialchars($entry['username']); ?></small></td>
<td><?php echo $statement; ?></td>
</tr>
<?php
@@ -480,8 +480,8 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
?>
<tr class="<?php echo $style; ?>">
<td><small><?php echo $i; ?></small></td>
- <td><small><?php echo $entry['date']; ?></small></td>
- <td><small><?php echo $entry['username']; ?></small></td>
+ <td><small><?php echo htmlspecialchars($entry['date']); ?></small></td>
+ <td><small><?php echo htmlspecialchars($entry['username']); ?></small></td>
<td><?php echo $statement; ?></td>
</tr>
<?php
@@ -500,7 +500,7 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
}
?>
</form>
- <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&report=true&version=<?php echo $_REQUEST['version'];?>">
+ <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
<?php
printf($strTrackingShowLogDateUsers, $str1, $str2, $str3, $str4, $str5);
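Review bot: `$_REQUEST['date_from']`, `$_REQUEST['date_to']` and `$_REQUEST['users']` are still read without an `isset()` guard in the three rewritten `$str2`/`$str3`/`$str4` lines, so if the report is opened before any filter has been submitted PHP raises an undefined-index notice before `htmlspecialchars()` runs; `htmlspecialchars(isset($_REQUEST['date_from']) ? $_REQUEST['date_from'] : '')` (and the same for the other two) keeps the output clean. The default `htmlspecialchars()` flags do encode `"`, so the escaping is sufficient for these double-quoted `value` attributes. Whether these keys are guaranteed to exist on the first render depends on code before the hunk.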
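Review bot: `$statement` in the same row is still echoed unescaped in the context line `<td><?php echo $statement; ?></td>`, here and in @@ -480; it is assigned before the hunk, so if it holds the logged SQL text rather than already-formatted HTML it needs the same `htmlspecialchars()` as `date` and `username`, and if it is pre-formatted HTML a one-line comment at the assignment saying so would stop the next reader from wondering. The escaping of `$entry['date']` and `$entry['username']` is consistent with the rest of the commit. The loop producing `$entry` begins before the hunk.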
@@ -513,11 +513,11 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
$str_export2 = '<input type="submit" name="report_export" value="' . $strGo .'" />';
?>
</form>
- <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&report=true&version=<?php echo $_REQUEST['version'];?>">
- <input type="hidden" name="logtype" value="<?php echo $_REQUEST['logtype'];?>" />
- <input type="hidden" name="date_from" value="<?php echo $_REQUEST['date_from'];?>" />
- <input type="hidden" name="date_to" value="<?php echo $_REQUEST['date_to'];?>" />
- <input type="hidden" name="users" value="<?php echo $_REQUEST['users'];?>" />
+ <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
+ <input type="hidden" name="logtype" value="<?php echo htmlspecialchars($_REQUEST['logtype']);?>" />
+ <input type="hidden" name="date_from" value="<?php echo htmlspecialchars($_REQUEST['date_from']);?>" />
+ <input type="hidden" name="date_to" value="<?php echo htmlspecialchars($_REQUEST['date_to']);?>" />
+ <input type="hidden" name="users" value="<?php echo htmlspecialchars($_REQUEST['users']);?>" />
<?php
echo "<br/>" . sprintf($strTrackingExportAs, $str_export1) . $str_export2 . "<br/>";
?>
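Review bot: `$_REQUEST['logtype']` is reflected into the hidden field with escaping as the only control; since the `logtype` select built at @@ -390 offers a fixed set of option values, echoing the request value only when it is one of those options (a strict `in_array()` against that list, otherwise the default) reflects nothing attacker-chosen at all instead of relying on escaping alone. The `date_from`/`date_to`/`users` hidden fields mirror the visible inputs at @@ -390 and are escaped consistently with them. The enclosing `if` starts before the hunk.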
@@ -618,11 +618,15 @@ if ($last_version > 0) {
<tr class="<?php echo $style;?>">
<td><?php echo htmlspecialchars($version['db_name']);?></td>
<td><?php echo htmlspecialchars($version['table_name']);?></td>
- <td><?php echo $version['version'];?></td>
- <td><?php echo $version['date_created'];?></td>
- <td><?php echo $version['date_updated'];?></td>
+ <td><?php echo htmlspecialchars($version['version']);?></td>
+ <td><?php echo htmlspecialchars($version['date_created']);?></td>
+ <td><?php echo htmlspecialchars($version['date_updated']);?></td>
<td><?php echo $version_status;?></td>
- <td> <a href="tbl_tracking.php?<?php echo $url_query;?>&report=true&version=<?php echo $version['version'];?>"><?php echo $strTrackingReport;?></a> | <a href="tbl_tracking.php?<?php echo $url_query;?>&snapshot=true&version=<?php echo $version['version'];?>"><?php echo $strTrackingStructureSnapshot;?></a></td>
+ <td> <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $version['version'])
+);?>"><?php echo $strTrackingReport;?></a>
+ | <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('snapshot' => 'true', 'version' => $version['version'])
+);?>"><?php echo $strTrackingStructureSnapshot;?></a>
+ </td>
</tr>
<?php
if ($style == 'even') {
diff --git a/transformation_wrapper.php b/transformation_wrapper.php
index 011effe..6f06450 100644
--- a/transformation_wrapper.php
+++ b/transformation_wrapper.php
@@ -70,7 +70,7 @@ if (isset($ct) && !empty($ct)) {
header($content_type);
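Review bot: `$version_status` is the one cell in this row still written without escaping (context line `<td><?php echo $version_status;?></td>`); it is assigned before the hunk, and if it is one of the localized `$str*` labels that is fine, but either a comment at the assignment saying so or the same `htmlspecialchars()` wrap would make the row read consistently. Splitting the link cell so that `);?>">` opens a new, unindented `+` line in the middle of an HTML attribute is hard to read; computing the two hrefs into variables above the row (e.g. `$report_url = PMA_generate_common_url(...)`) and echoing them keeps each template line intact. The loop that sets `$version` starts before the hunk.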
if (isset($cn) && !empty($cn)) {
- header('Content-Disposition: attachment; filename=' . $cn);
+ header('Content-Disposition: attachment; filename=' . PMA_sanitize_filename($cn));
}
if (!isset($resize)) {
diff --git a/translators.html b/translators.html
index 5ca2669..24096d7 100644
--- a/translators.html
+++ b/translators.html
@@ -11,7 +11,7 @@
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>phpMyAdmin 3.3.10.2 - Official translators</title>
+ <title>phpMyAdmin 3.3.10.4 - Official translators</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
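Review bot: The filename parameter is still emitted unquoted after sanitizing, so a name that keeps a space or `;` after `PMA_sanitize_filename()` is truncated or misparsed by the client; `header('Content-Disposition: attachment; filename="' . PMA_sanitize_filename($cn) . '"');` is the usual form, provided the sanitizer also strips `"` (its rules are not visible in this diff). Whether it removes CR/LF is likewise not visible here, although `header()` on PHP 5.1.2 and later refuses a value containing a newline, so splitting the response via `$cn` is blocked by the runtime either way. Where `$cn` is populated from the request is outside the hunk.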
@@ -19,7 +19,7 @@
<div id="header">
<h1>
<a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
- 3.3.10.2
+ 3.3.10.4
official translators list
</h1>
</div>
hooks/post-receive