[Phpmyadmin-devel] phpMyAdmin 2.6.1-pl2 is released
Marc Delisle
DelislMa at CollegeSherbrooke.qc.ca
Fri Feb 25 07:25:10 CET 2005
Michal Čihař a écrit :
> Hi
>
> On Thu 24. 2. 2005 20:28, Marc Delisle wrote:
>
>>We are sorry to report that the release of 2.6.1-pl1 introduced an
>>instability, producing various problems. This has been fixed, and
>>here is 2.6.1-pl2.
>>
>>See http://www.phpmyadmin.net.
>
>
> Will you write also security announcement?
Yes, PMASA-2005-1 is already on-line, PMASA-2005-2 is being written
(about path disclosure). When PMASA-2005-2 is on-line, I will send
a email on the lists about both announcements.
>
> Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so
> I can provide patches for some older version if wanted.
Good! Can you work on patching 2.2.7-pl1 for a -pl2? Do you have a PHP3
system on-line to test it?
>
> I have only slight problem with 2.4.0 and older where we used code:
>
> if (!empty($_GET)) {
> extract($_GET, EXTR_OVERWRITE);
> } else if (!empty($HTTP_GET_VARS)) {
> extract($HTTP_GET_VARS, EXTR_OVERWRITE);
> } // end if
>
> Will it work if I change EXTR_OVERWRITE to EXTR_SKIP or do I have to
> backport all logic from newer version?
>
I don't remember this old code but I would say it's safer to backport
the whole logic.
Marc
More information about the Developers
mailing list