The branch, MAINT_3_4_3 has been updated via ff536da86576efe733e4dfb5d69c8481ae590e2e (commit) via bd63726ee3daf32799f499b61d7cde973d8e8660 (commit) via 09c0f7ae557e40102fbfd23c4bea4939e19f0f29 (commit) via 571cdc6ff4bf375871b594f4e06f8ad3159d1754 (commit) via e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 (commit) via 3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 (commit) via 3caa6cbb7ed1b1933c3bded493a2fbc8273d746f (commit) via f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c (commit) via 951fb4dd79253a3aca8b6e386db77c1affcfc3a9 (commit) via 4bd27166c314faa37cada91533b86377f4d4d214 (commit) via a0823be05aa5835f207c0838b9cca67d2d9a050a (commit) via d7cffc5dbde68342d46e891ea2c8bd72de134f43 (commit) from e214683f9fe4955dcbf0ffce045983728c7fa9d3 (commit)

- Log ----------------------------------------------------------------- commit ff536da86576efe733e4dfb5d69c8481ae590e2e Author: Marc Delisle marc@infomarc.info Date: Sat Jul 23 08:32:25 2011 -0400

3.4.3.2 release

-----------------------------------------------------------------------

Summary of changes: ChangeLog | 18 ++++++++++++------ Documentation.html | 4 ++-- README | 2 +- libraries/Config.class.php | 2 +- libraries/auth/swekey/swekey.auth.lib.php | 12 +++++++----- libraries/schema/User_Schema.class.php | 7 +++++-- schema_export.php | 4 +++- sql.php | 2 +- tbl_printview.php | 4 ++-- 9 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog index fe71031..05d5fe5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,12 @@ phpMyAdmin - ChangeLog ======================

+3.4.3.2 (2011-07-23) +- [security] Fixed XSS vulnerability, see PMASA-2011-9 +- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10 +- [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11 +- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12 + 3.4.3.1 (2011-07-02) - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 @@ -95,7 +101,7 @@ phpMyAdmin - ChangeLog + patch #2974341 [structure] Clicking on table name in db Structure should Browse the table if possible, thanks to bhdouglass - dougboybhd + patch #2975533 [search] New search operators, thanks to - Martynas Mickevičius + Martynas Mickevičius + patch #2967320 [designer] Colored relations based on the primary key, thanks to GreenRover - greenrover - [core] Provide way for vendors to easily change paths to config files. @@ -249,7 +255,7 @@ phpMyAdmin - ChangeLog

3.3.7.0 (2010-09-07) - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after - a page size increase, thanks to Martin Schönberger - mad05 + a page size increase, thanks to Martin Schönberger - mad05

3.3.6.0 (2010-08-28) - bug #3033063 [core] Navi gets wrong db name @@ -270,7 +276,7 @@ phpMyAdmin - ChangeLog

3.3.5.0 (2010-07-26) - patch #2932113 [information_schema] Slow export when having lots of - databases, thanks to Stéphane Pontier - shadow_walker + databases, thanks to Stéphane Pontier - shadow_walker - bug #3022705 [import] Import button does not work in Catalan when there is no progress bar possible - bug [replication] Do not offer information_schema in the list of databases @@ -310,9 +316,9 @@ phpMyAdmin - ChangeLog - patch #2984893 [engines] InnoDB storage page emits a warning, thanks to Madhura Jayaratne - madhuracj - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work, - thanks to Björn Wiberg - bwiberg + thanks to Björn Wiberg - bwiberg - bug #2983066 [interface] Flush table on table operations shows the query twice, - thanks to Martynas Mickevičius - BlinK_ + thanks to Martynas Mickevičius - BlinK_ - bug #2983060, patch #2987900 [interface] Fix initial state of tables in designer, thanks to Sutharshan Balachandren. - bug #2983062, patch #2989408 [engines] Fix warnings when changing table @@ -391,7 +397,7 @@ phpMyAdmin - ChangeLog + rfe #2839504 [engines] Support InnoDB plugin's new row formats + [core] Added ability for synchronizing databases among servers. + [lang] #2843101 Dutch update, thanks to scavenger2008 -+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo ++ [lang] Galician update, thanks to Xosé Calvo - xosecalvo + [export] Added MediaWiki export module, thanks to Derek Schaefer - drummingds1 + [lang] Turkish update, thanks to Burak Yavuz diff --git a/Documentation.html b/Documentation.html index 25b9731..15f8000 100644 --- a/Documentation.html +++ b/Documentation.html @@ -9,7 +9,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <link rel="icon" href="./favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>phpMyAdmin 3.4.3.1 - Documentation</title> + <title>phpMyAdmin 3.4.3.2 - Documentation</title> <link rel="stylesheet" type="text/css" href="docs.css" /> </head>

@@ -17,7 +17,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 <div id="header"> <h1> <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a> - 3.4.3.1 + 3.4.3.2 Documentation </h1> </div> diff --git a/README b/README index e57152a..65f7c52 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme ===================

-Version 3.4.3.1 +Version 3.4.3.2

A set of PHP-scripts to manage MySQL over the web.

diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 28625f2..0cec6a9 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -96,7 +96,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.4.3.1'); + $this->set('PMA_VERSION', '3.4.3.2'); /** * @deprecated */ diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php index c5f613b..8ec5ab4 100644 --- a/libraries/auth/swekey/swekey.auth.lib.php +++ b/libraries/auth/swekey/swekey.auth.lib.php @@ -143,7 +143,9 @@ function Swekey_auth_error() return "Internal Error: CA File $caFile not found";

$result = null; - parse_str($_SERVER['QUERY_STRING']); + $swekey_id = $_GET['swekey_id']; + $swekey_otp = $_GET['swekey_otp']; + if (isset($swekey_id)) { unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']); if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) { @@ -166,7 +168,7 @@ function Swekey_auth_error() $result = __('No valid authentication key plugged'); if ($_SESSION['SWEKEY']['CONF_DEBUG']) { - $result .= "<br>".$swekey_id; + $result .= "<br>" . htmlspecialchars($swekey_id); } unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file } @@ -186,16 +188,16 @@ function Swekey_auth_error() <script> if (key.length != 32) { - window.location.search="?swekey_id=" + key; + window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>"; } else { var url = "" + window.location; if (url.indexOf("?") > 0) url = url.substr(0, url.indexOf("?")); - Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>"); + Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>"); var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>); - window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp; + window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>"; } </script> <?php diff --git a/libraries/schema/User_Schema.class.php b/libraries/schema/User_Schema.class.php index fbec138..cb42dde 100644 --- a/libraries/schema/User_Schema.class.php +++ b/libraries/schema/User_Schema.class.php @@ -567,10 +567,13 @@ class PMA_User_Schema require_once './libraries/transformations.lib.php'; require_once './libraries/Index.class.php'; /** - * default is PDF + * default is PDF, otherwise validate it's only letters a-z */ global $db,$export_type; - $export_type = isset($export_type) ? $export_type : 'pdf'; + if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) { + $export_type = 'pdf'; + } + PMA_DBI_select_db($db);

include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php"); diff --git a/schema_export.php b/schema_export.php index 0a21d32..3e1067d 100644 --- a/schema_export.php +++ b/schema_export.php @@ -37,7 +37,9 @@ include_once("./libraries/schema/Export_Relation_Schema.class.php"); * default is PDF */ global $db,$export_type; -$export_type = isset($export_type) ? $export_type : 'pdf'; +if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) { + $export_type = 'pdf'; +} PMA_DBI_select_db($db);

$path = PMA_securePath(ucfirst($export_type)); diff --git a/sql.php b/sql.php index 9b19174..eb9254f 100644 --- a/sql.php +++ b/sql.php @@ -719,7 +719,7 @@ if (0 == $num_rows || $is_affected) { parse_str($_REQUEST['transform_fields_list'], $edited_values);

foreach($mime_map as $transformation) { - $include_file = $transformation['transformation']; + $include_file = PMA_securePath($transformation['transformation']); $column_name = $transformation['column_name']; $column_data = $edited_values[$column_name];

diff --git a/tbl_printview.php b/tbl_printview.php index 74b6818..ce007d1 100644 --- a/tbl_printview.php +++ b/tbl_printview.php @@ -69,7 +69,7 @@ if ($multi_tables) { $tbl_list .= (empty($tbl_list) ? '' : ', ') . PMA_backquote($table); } - echo '<strong>'. __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n"; + echo '<strong>'. __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n"; echo '<hr />' . "\n"; } // end if

@@ -84,7 +84,7 @@ foreach ($the_tables as $key => $table) { } $counter++; echo '<div' . $breakstyle . '>' . "\n"; - echo '<h1>' . $table . '</h1>' . "\n"; + echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";

/** * Gets table informations

hooks/post-receive