[Phpmyadmin-devel] phpMyAdmin 2.6.1-pl2 is released

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Fri Feb 25 07:25:10 CET 2005

Michal Čihař a écrit :
> Hi
> On Thu 24. 2. 2005 20:28, Marc Delisle wrote:
>>We are sorry to report that the release of 2.6.1-pl1 introduced an
>>instability, producing various problems. This has been fixed, and
>>here is 2.6.1-pl2.
>>See http://www.phpmyadmin.net.
> Will you write also security announcement?

Yes, PMASA-2005-1 is already on-line, PMASA-2005-2 is being written 
(about path disclosure). When PMASA-2005-2 is on-line, I will send
a email on the lists about both announcements.

> Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so 
> I can provide patches for some older version if wanted.

Good! Can you work on patching 2.2.7-pl1 for a -pl2? Do you have a PHP3 
system on-line to test it?

> I have only slight problem with 2.4.0 and older where we used code:
>     if (!empty($_GET)) {
>         extract($_GET, EXTR_OVERWRITE);
>     } else if (!empty($HTTP_GET_VARS)) {
>         extract($HTTP_GET_VARS, EXTR_OVERWRITE);
>     } // end if
> Will it work if I change EXTR_OVERWRITE to EXTR_SKIP or do I have to 
> backport all logic from newer version?

I don't remember this old code but I would say it's safer to backport
the whole logic.


More information about the Developers mailing list