[Phpmyadmin-git] [SCM] phpMyAdmin branch, MAINT_2_11_10, updated. RELEASE_2_11_10-19-gb1cb559

Michal Čihař nijel at users.sourceforge.net
Fri Aug 20 14:04:18 CEST 2010


The branch, MAINT_2_11_10 has been updated
       via  b1cb5590eefd2977bdb3a6e45796d5a4189e95ad (commit)
       via  437e00ef2eec5fbc743f652c93d90b3853dcf825 (commit)
       via  a88dbaf305a44107ffb557e9d93512792744af84 (commit)
       via  e7d10a6d53582abcf20455ad0051048a991023af (commit)
       via  2051a861f8a968dafc297650036cc7e640a18887 (commit)
       via  0fd0512c9b7344abad60ab9effb7b7537b2b5d08 (commit)
       via  4a50055d52cb1d6ba125b743b0eb422d5549b9c9 (commit)
       via  30c83acddb58d3bbf940b5f9ec28abf5b235f4d2 (commit)
       via  a7c004d8d4069ca3c7d1c221f37b9cab39e36aaf (commit)
       via  8b7f07cd954221f276ab11e2c3d98f18deb2f551 (commit)
       via  1fe1aa6c0e2d85bed1343f4be21d672368e0a9c1 (commit)
       via  8b8ce64792bb981cefc37a19f29f28f112df1c16 (commit)
       via  0fe30236fac3c00ff123b9d48cc0b4b2ff6a7746 (commit)
       via  a4a54da173440d4c5097aececef56c28c14dc52e (commit)
       via  c69fca50ee81ff74cda860aad339d4185d32e194 (commit)
       via  c910f4c9ec9af876675d96df3fa65d7fc4551cc6 (commit)
       via  08e27b89077df26a0f7f0390322bbe80e0437aa1 (commit)
       via  110c44a7a3117b94b065742606cc6f7bc05f8cd5 (commit)
       via  4951fd1c854d88e22935fd55d342fcb1670dc8e4 (commit)
      from  8535d48ae9c8ea554393802db68dbc9ec571b864 (commit)


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                            |    5 +++++
 Documentation.html                   |    4 ++--
 README                               |    4 ++--
 db_sql.php                           |    2 +-
 error.php                            |   10 +++++++---
 libraries/Config.class.php           |    2 +-
 libraries/common.lib.php             |    9 +++++----
 libraries/database_interface.lib.php |    4 ++++
 libraries/dbi/mysql.dbi.lib.php      |    2 ++
 libraries/dbi/mysqli.dbi.lib.php     |    2 ++
 libraries/sanitizing.lib.php         |   17 +++++++++++++++--
 libraries/sqlparser.lib.php          |    2 +-
 scripts/setup.php                    |    1 +
 server_databases.php                 |    6 +++---
 server_privileges.php                |   32 ++++++++++++++++----------------
 sql.php                              |   14 +++++++-------
 tbl_sql.php                          |    2 +-
 translators.html                     |    4 ++--
 18 files changed, 77 insertions(+), 45 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8c3a59a..e20be30 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
+2.11.10.1 (2010-08-20)
+- [setup] Fixed output sanitizing in setup script, see PMASA-2010-4 for
+  more details.
+- [core] Fixed various XSS issues, see PMASA-2010-5 for more details.
+
 2.11.10.0 (2009-12-07)
 - [core] safer handling of temporary files with open_basedir (thanks to Thijs
   Kinkhorst)
diff --git a/Documentation.html b/Documentation.html
index 8998b08..85b6715 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -11,7 +11,7 @@
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-    <title>phpMyAdmin 2.11.10 - Documentation</title>
+    <title>phpMyAdmin 2.11.10.1 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -33,7 +33,7 @@
     <li><a href="#glossary">Glossary</a></li>
 </ul>
 
-<h1>phpMyAdmin 2.11.10 Documentation</h1>
+<h1>phpMyAdmin 2.11.10.1 Documentation</h1>
 
 <ul><li><a href="http://www.phpmyadmin.net/">
             phpMyAdmin homepage</a></li>
diff --git a/README b/README
index a6b34c8..9480f6a 100644
--- a/README
+++ b/README
@@ -5,8 +5,8 @@ phpMyAdmin - Readme
 
   A set of PHP-scripts to manage MySQL over the web.
 
-  Version 2.11.10
-  ---------------
+  Version 2.11.10.1
+  -----------------
   http://www.phpmyadmin.net/
 
     Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com>
diff --git a/db_sql.php b/db_sql.php
index 6c582c3..32d30e4 100644
--- a/db_sql.php
+++ b/db_sql.php
@@ -36,7 +36,7 @@ if ($num_tables == 0 && empty($db_query_force)) {
 /**
  * Query box, bookmark, insert data from textfile
  */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 
 /**
  * Displays the footer
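Review bot: Escaping `$_REQUEST['delimiter']` at the call site changes the value PMA_sqlQueryForm receives, so a delimiter such as `<` or `&` now arrives as its entity form rather than the literal character; if that value is also used as the actual statement delimiter, or if PMA_sqlQueryForm escapes it again when writing the form field, the result is a wrong delimiter or double-encoded output. The more robust shape is to pass the raw value and apply `htmlspecialchars()` inside PMA_sqlQueryForm at the point where the delimiter is written into the attribute. The identical change in tbl_sql.php (the `PMA_sqlQueryForm(true, false, ...)` hunk there) has the same issue.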
diff --git a/error.php b/error.php
index e0abb44..750ac60 100644
--- a/error.php
+++ b/error.php
@@ -73,10 +73,14 @@ header('Content-Type: text/html; charset=' . $charset);
 <body>
 <h1>phpMyAdmin - <?php echo $type; ?></h1>
 <p><?php
-if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
-    echo PMA_sanitize(stripslashes($_REQUEST['error']));
+if (!empty($_REQUEST['error'])) {
+    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
+        echo PMA_sanitize(stripslashes($_REQUEST['error']));
+    } else {
+        echo PMA_sanitize($_REQUEST['error']);
+    }
 } else {
-    echo PMA_sanitize($_REQUEST['error']);
+    echo 'No error message!';
 }
 ?></p>
 </body>
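Review bot: `$type` on the `<h1>` context line is still echoed without escaping while the neighbouring `$_REQUEST['error']` output is now guarded and sanitized; if `$type` is derived from the request (its assignment is above the hunk and not visible here), it needs the same treatment, e.g. `<?php echo htmlspecialchars($type); ?>`. Separately, `empty()` treats the string `'0'` as empty, so an error text of `0` prints `No error message!`; `isset($_REQUEST['error']) && strlen($_REQUEST['error'])` is the stricter guard if that matters here.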
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 05bd2e1..6029a03 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -85,7 +85,7 @@ class PMA_Config
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '2.11.10');
+        $this->set('PMA_VERSION', '2.11.10.1');
         /**
          * @deprecated
          */
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 626bbe3..716af94 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -473,7 +473,7 @@ function PMA_mysqlDie($error_message = '', $the_query = '',
         $formatted_sql = '';
     } else {
         if (strlen($the_query) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) {
-            $formatted_sql = substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) . '[...]';
+            $formatted_sql = htmlspecialchars(substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL'])) . '[...]';
         } else {
             $formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query);
         }
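Review bot: The cut at `substr($the_query, 0, ...MaxCharactersInDisplayedSQL)` is byte-based, so on a multi-byte query it can split a character before `htmlspecialchars()` sees it; on PHP 5.4+ (default charset UTF-8) an invalid sequence makes `htmlspecialchars()` return an empty string and the whole SQL excerpt silently disappears from the error page. Using `mb_substr()` for the cut, or passing `ENT_SUBSTITUTE` (PHP 5.4+) so invalid bytes are replaced instead of dropping the text, keeps the message visible. A short comment noting that this branch escapes itself while the `else` branch relies on PMA_formatSql (and the sqlparser change in this commit) to do so would help the next editor. PMA_mysqlDie starts and ends outside the hunk.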
@@ -622,22 +622,23 @@ function PMA_convert_using($string, $mode='unquoted', $force_utf8 = false)
 function PMA_sendHeaderLocation($uri)
 {
     if (PMA_IS_IIS && strlen($uri) > 600) {
+        require_once './libraries/js_escape.lib.php';
 
         echo '<html><head><title>- - -</title>' . "\n";
         echo '<meta http-equiv="expires" content="0">' . "\n";
         echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
         echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
-        echo '<meta http-equiv="Refresh" content="0;url=' .$uri . '">' . "\n";
+        echo '<meta http-equiv="Refresh" content="0;url=' .  htmlspecialchars($uri) . '">' . "\n";
         echo '<script type="text/javascript">' . "\n";
         echo '//<![CDATA[' . "\n";
-        echo 'setTimeout("window.location = unescape(\'"' . $uri . '"\')", 2000);' . "\n";
+        echo 'setTimeout("window.location = unescape(\'"' . PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
         echo '//]]>' . "\n";
         echo '</script>' . "\n";
         echo '</head>' . "\n";
         echo '<body>' . "\n";
         echo '<script type="text/javascript">' . "\n";
         echo '//<![CDATA[' . "\n";
-        echo 'document.write(\'<p><a href="' . $uri . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n";
+        echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n";
         echo '//]]>' . "\n";
         echo '</script></body></html>' . "\n";
 
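Review bot: The `document.write('<p><a href="' . htmlspecialchars($uri) . '">` line is emitted inside a JavaScript single-quoted string, and `htmlspecialchars()` with its default flags leaves `'` untouched, so a URI containing a single quote still terminates the JS literal; the `setTimeout` line above already handles its literal with PMA_escapeJsString, and this one needs the same layering: `PMA_escapeJsString(htmlspecialchars($uri))` (HTML-escape first, since the browser unescapes the JS string before parsing the written HTML). Passing `ENT_QUOTES` to `htmlspecialchars()` would also avoid the quote problem on its own. The non-IIS path of PMA_sendHeaderLocation lies below the hunk and is not visible here.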
diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php
index 9a40c55..b7d122c 100644
--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
@@ -208,6 +208,10 @@ function PMA_usort_comparison_callback($a, $b)
     } else {
         $sorter = 'strcasecmp';
     }
+    /* No sorting when key is not present */
+    if (!isset($a[$GLOBALS['callback_sort_by']]) || ! isset($b[$GLOBALS['callback_sort_by']])) {
+        return 0;
+    }
     // produces f.e.:
     // return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
     return ($GLOBALS['callback_sort_order'] == 'ASC' ? 1 : -1) * $sorter($a[$GLOBALS['callback_sort_by']], $b[$GLOBALS['callback_sort_by']]);
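Review bot: Returning `0` whenever either side lacks the sort key makes the comparator inconsistent — an element without the key compares equal to every other element, which is not transitive — so `usort()` then produces an order that depends on its comparison sequence rather than on the data. Ranking missing keys consistently (for instance before every present value) keeps the sort well-defined: `$key = $GLOBALS['callback_sort_by'];` / `if (!isset($a[$key])) { return isset($b[$key]) ? -1 : 0; }` / `if (!isset($b[$key])) { return 1; }`. Note that `isset()` also treats a present-but-null value as missing, which is probably intended but deserves a word in the comment. PMA_usort_comparison_callback starts above the hunk.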
diff --git a/libraries/dbi/mysql.dbi.lib.php b/libraries/dbi/mysql.dbi.lib.php
index 3ae84b8..b0275b1 100644
--- a/libraries/dbi/mysql.dbi.lib.php
+++ b/libraries/dbi/mysql.dbi.lib.php
@@ -300,6 +300,8 @@ function PMA_DBI_getError($link = null)
         $error_message = PMA_DBI_convert_message($error_message);
     }
 
+    $error_message = htmlspecialchars($error_message);
+
     // Some errors messages cannot be obtained by mysql_error()
     if ($error_number == 2002) {
         $error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
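Review bot: HTML-escaping the message inside PMA_DBI_getError moves an output-context decision into the data layer: every caller now receives entity-encoded text, so one that escapes again (or passes the message through PMA_sanitize, which already maps `<`) will show `&amp;lt;`, and one that logs or reuses the message outside HTML gets entities. If the getter is meant to return HTML-ready text, the docblock should say so, e.g. `@return string the error message, already HTML-escaped; callers must not escape it again`, and the callers should be audited — PMA_mysqlDie is one (see the `PMA_mysqlDie(PMA_DBI_getError(), ...)` call in server_privileges.php in this commit). The same change appears in libraries/dbi/mysqli.dbi.lib.php. PMA_DBI_getError begins above the hunk and continues below it.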
diff --git a/libraries/dbi/mysqli.dbi.lib.php b/libraries/dbi/mysqli.dbi.lib.php
index 705477e..13b3eaf 100644
--- a/libraries/dbi/mysqli.dbi.lib.php
+++ b/libraries/dbi/mysqli.dbi.lib.php
@@ -417,6 +417,8 @@ function PMA_DBI_getError($link = null)
         $error_message = PMA_DBI_convert_message($error_message);
     }
 
+    $error_message = htmlspecialchars($error_message);
+
     if ($error_number == 2002) {
         $error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
     } elseif (defined('PMA_MYSQL_INT_VERSION') && PMA_MYSQL_INT_VERSION >= 40100) {
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index 388ca13..3ba7224 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -7,17 +7,26 @@
 
 /**
  * Sanitizes $message, taking into account our special codes
- * for formatting
+ * for formatting.
+ *
+ * If you want to include result in element attribute, you should escape it.
+ *
+ * Examples:
+ *
+ * <p><?php echo PMA_sanitize($foo); ?></p>
+ *
+ * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
  *
  * @uses    preg_replace()
  * @uses    strtr()
  * @param   string   the message
+ * @param   boolean  whether to escape html in result
  *
  * @return  string   the sanitized message
  *
  * @access  public
  */
-function PMA_sanitize($message)
+function PMA_sanitize($message, $escape = false)
 {
     $replace_pairs = array(
         '<'         => '<',
@@ -65,6 +74,10 @@ function PMA_sanitize($message)
         $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
     }
 
+    if ($escape) {
+        $message = htmlspecialchars($message);
+    }
+
     return $message;
 }
 ?>
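Review bot: `htmlspecialchars($message)` with the default flags does not encode `'`, so the `$escape` output is safe in a double-quoted attribute but not in a single-quoted one, although the new docblock presents it for attributes generally; `$message = htmlspecialchars($message, ENT_QUOTES);` closes that gap without affecting the double-quoted callers in sql.php. Because the escape runs after the `[a@...]` link rewriting, the `<a href=...>` markup this function itself produces is also encoded when `$escape` is true — correct for an attribute value, but a one-line comment above `if ($escape)` such as `// escape everything, including the tags generated above` would stop someone from moving the block earlier.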
diff --git a/libraries/sqlparser.lib.php b/libraries/sqlparser.lib.php
index 488cde2..753f94c 100644
--- a/libraries/sqlparser.lib.php
+++ b/libraries/sqlparser.lib.php
@@ -2425,7 +2425,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
             }
             $after                 .= "\n";
 */
-            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
+            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
         } // end for
         if ($mode=='color') {
             $str .= '</span>';
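Review bot: Escaping `$arr[$i]['data']` here hard-wires HTML output into every non-colour mode of this formatter, so if any caller uses it to obtain plain text (the accepted `$mode` values are not visible in the hunk) that output now contains entities. Worth confirming that every mode is an HTML mode and recording it in the function docblock, e.g. `All modes emit HTML: token data is escaped here, colour mode is expected to escape inside PMA_SQP_formatHTML_colorize` — the latter is an assumption, since that helper is not shown. `$before` and `$after` are built above the hunk, so whether they are HTML-safe cannot be judged here. The function starts and ends outside the hunk.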
diff --git a/scripts/setup.php b/scripts/setup.php
index 2f3d09d..49dd67b 100644
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -518,6 +518,7 @@ function get_cfg_val($name, $val) {
                 }
             }
             if ($type == 'string') {
+                $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
                 $ret .= get_cfg_val($name . "['$k']", $v);
             } elseif ($type == 'int') {
                 $ret .= '    ' . PMA_var_export($v) . ',' . $crlf;
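Review bot: Rewriting every non-`[A-Za-z0-9_]` character in `$k` to `_` is lossy: two keys that differ only in such characters (e.g. `a-b` and `a.b`) collapse to the same `a_b` entry in the generated config, and the later one silently overwrites the earlier. Since the key is being written into PHP source as `"['$k']"`, letting the exporter quote it is the more faithful fix: `$ret .= get_cfg_val($name . '[' . PMA_var_export($k) . ']', $v);` (assuming PMA_var_export renders strings as quoted PHP literals, as it is used for `$v` on the `int` branch). If the whitelist is kept, a comment above the `preg_replace` naming the reason — the key lands in generated PHP source — belongs there. The enclosing function starts above the hunk.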
diff --git a/server_databases.php b/server_databases.php
index b9b8898..2b3e0a5 100644
--- a/server_databases.php
+++ b/server_databases.php
@@ -287,11 +287,11 @@ if ($databases_count > 0) {
     unset($column_order, $stat_name, $stat, $databases, $table_columns);
 
     if ($is_superuser || $cfg['AllowUserDropDatabase']) {
-        $common_url_query = PMA_generate_common_url() . '&sort_by=' . $sort_by . '&sort_order=' . $sort_order . '&dbstats=' . $dbstats;
+        $common_url_query = PMA_generate_common_url(array('sort_by' => $sort_by, 'sort_order' => $sort_order, 'dbstats' => $dbstats));
         echo '<img class="selectallarrow" src="' . $pmaThemeImage . 'arrow_' . $text_dir . '.png" width="38" height="22" alt="' . $strWithChecked . '" />' . "\n"
-           . '<a href="./server_databases.php?' . $common_url_query . '&checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
+           . '<a href="./server_databases.php' . $common_url_query . '&checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
            . '    ' . $strCheckAll . '</a> / ' . "\n"
-           . '<a href="./server_databases.php?' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
+           . '<a href="./server_databases.php' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
            . '    ' . $strUncheckAll . '</a>' . "\n"
            . '<i>' . $strWithChecked . '</i>' . "\n";
         PMA_buttonOrImage('drop_selected_dbs', 'mult_submit', 'drop_selected_dbs', $strDrop, 'b_deltbl.png');
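Review bot: The query string appended after the generated URL uses a raw `&` (`'&checkall=1'`) while the part produced by PMA_generate_common_url presumably uses `&amp;` — which is why the leading `?` could be dropped — so the href now mixes escaped and unescaped separators; either `'&amp;checkall=1'` or adding `'checkall' => 1` to the array for the first link keeps it consistent and valid HTML. Also confirm that the array form of PMA_generate_common_url escapes the values of `$sort_by`, `$sort_order` and `$dbstats` for attribute context, since that escaping is the point of the change and is not visible here.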
diff --git a/server_privileges.php b/server_privileges.php
index 23d174b..a030c56 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -602,7 +602,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0) {
        . $spaces . '        <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
        . $spaces . '    </select>' . "\n"
        . $spaces . '</span>' . "\n"
-       . $spaces . '<input type="text" name="username" maxlength="' . $username_length . '" title="' . $GLOBALS['strUserName'] . '"' . (empty($GLOBALS['username']) ? '' : ' value="' . (isset($GLOBALS['new_username']) ? $GLOBALS['new_username'] : $GLOBALS['username']) . '"') . ' onchange="pred_username.value = \'userdefined\';" />' . "\n"
+       . $spaces . '<input type="text" name="username" maxlength="' . $username_length . '" title="' . $GLOBALS['strUserName'] . '"' . (empty($GLOBALS['username']) ? '' : ' value="' . htmlspecialchars(isset($GLOBALS['new_username']) ? $GLOBALS['new_username'] : $GLOBALS['username']) . '"') . ' onchange="pred_username.value = \'userdefined\';" />' . "\n"
        . $spaces . '</div>' . "\n"
        . $spaces . '<div class="item">' . "\n"
        . $spaces . '<label for="select_pred_hostname">' . "\n"
@@ -650,7 +650,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0) {
        . $spaces . '        <option value="userdefined"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
        . $spaces . '    </select>' . "\n"
        . $spaces . '</span>' . "\n"
-       . $spaces . '<input type="text" name="hostname" maxlength="' . $hostname_length . '" value="' . (isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '') . '" title="' . $GLOBALS['strHost'] . '" onchange="pred_hostname.value = \'userdefined\';" />' . "\n"
+       . $spaces . '<input type="text" name="hostname" maxlength="' . $hostname_length . '" value="' . htmlspecialchars(isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '') . '" title="' . $GLOBALS['strHost'] . '" onchange="pred_hostname.value = \'userdefined\';" />' . "\n"
        . $spaces . '</div>' . "\n"
        . $spaces . '<div class="item">' . "\n"
        . $spaces . '<label for="select_pred_password">' . "\n"
@@ -757,14 +757,14 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
 
     if (PMA_DBI_num_rows($res) == 1) {
         PMA_DBI_free_result($res);
-        $message = sprintf($GLOBALS['strUserAlreadyExists'], '[i]\'' . $username . '\'@\'' . $hostname . '\'[/i]');
+        $message = sprintf($GLOBALS['strUserAlreadyExists'], '[i]\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'[/i]');
         $adduser = 1;
     } else {
         PMA_DBI_free_result($res);
 
         if (50002 <= PMA_MYSQL_INT_VERSION) {
             // MySQL 5 requires CREATE USER before any GRANT on this user can done
-            $create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
+            $create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . htmlspecialchars($hostname) . '\'';
         }
 
         $real_sql_query =
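Review bot: `htmlspecialchars($hostname)` on the `$create_user_real` line is an HTML escape applied inside a SQL statement that is executed, not displayed: a host containing `&` or `<` is stored in mysql.user as `&amp;`/`&lt;`, and a `'` is not touched at all because the default flags do not encode it, so this neither preserves the value nor protects the statement. The host part needs the same SQL escaping the user part already gets: `$create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';`. The escaping of `$username`/`$hostname` in the `$message` line above is fine for HTML provided the display path does not escape again; if it runs through PMA_sanitize, `&` would be double-encoded, so that path is worth checking (the same applies to the other `$message` hunks in this file).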
@@ -1048,7 +1048,7 @@ if (!empty($update_privs)) {
     $sql_query = (isset($sql_query0) ? $sql_query0 . ' ' : '')
                . (isset($sql_query1) ? $sql_query1 . ' ' : '')
                . $sql_query2;
-    $message = sprintf($GLOBALS['strUpdatePrivMessage'], '\'' . $username . '\'@\'' . $hostname . '\'');
+    $message = sprintf($GLOBALS['strUpdatePrivMessage'], '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
 }
 
 
@@ -1080,7 +1080,7 @@ if (!empty($revokeall)) {
         unset($sql_query1);
     }
     $sql_query = $sql_query0 . (isset($sql_query1) ? ' ' . $sql_query1 : '');
-    $message = sprintf($GLOBALS['strRevokeMessage'], '\'' . $username . '\'@\'' . $hostname . '\'');
+    $message = sprintf($GLOBALS['strRevokeMessage'], '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
     if (! isset($tablename) || ! strlen($tablename)) {
         unset($dbname);
     } else {
@@ -1115,7 +1115,7 @@ if (!empty($change_pw)) {
         $sql_query        = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@. at s', '*', $pma_pw) . '\')');
         $local_query      = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
         PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
-        $message = sprintf($GLOBALS['strPasswordChanged'], '\'' . $username . '\'@\'' . $hostname . '\'');
+        $message = sprintf($GLOBALS['strPasswordChanged'], '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
     }
 }
 
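Review bot: Both `SET PASSWORD FOR` statements on the context lines still concatenate `$hostname` raw (`'\'@\'' . $hostname . '\''`) while `$username` and `$pma_pw` go through PMA_sqlAddslashes, so a host value containing a quote breaks or alters the executed `$local_query`; this commit only touched the display message below them. Use `PMA_sqlAddslashes($hostname)` in both `$sql_query` and `$local_query`, matching the username handling. The `preg_replace('@. at s', ...)` fragment on the first of those lines appears to be a mailing-list address-obfuscation artefact rather than the real source, so it should be read as such.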
@@ -1588,17 +1588,17 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
 
         echo '<h2>' . "\n"
            . ($GLOBALS['cfg']['PropertiesIconic'] ? '<img class="icon" src="' . $pmaThemeImage . 'b_usredit.png" width="16" height="16" alt="" />' : '')
-           . $GLOBALS['strUser'] . ' <i><a href="server_privileges.php?' . $GLOBALS['url_query'] . '&username=' . urlencode($username) . '&hostname=' . urlencode($hostname) . '">\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'</a></i>' . "\n";
+           . $GLOBALS['strUser'] . ' <i><a href="server_privileges.php?' . $GLOBALS['url_query'] . '&username=' . htmlspecialchars(urlencode($username)) . '&hostname=' . htmlspecialchars(urlencode($hostname)) . '">\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'</a></i>' . "\n";
         if (isset($dbname) && strlen($dbname)) {
             if ($dbname_is_wildcard) {
             echo '    - ' . $GLOBALS['strDatabases'];
             } else {
             echo '    - ' . $GLOBALS['strDatabase'];
             }
-            $url_dbname = urlencode(str_replace('\_', '_', $dbname));
+            $url_dbname = htmlspecialchars(urlencode(str_replace('\_', '_', $dbname)));
             echo ' <i><a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . $GLOBALS['url_query'] . '&db=' . $url_dbname . '&reload=1">' . htmlspecialchars($dbname) . '</a></i>' . "\n";
             if (isset($tablename) && strlen($tablename)) {
-                echo '    - ' . $GLOBALS['strTable'] . ' <i><a href="' . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query'] . '&db=' . $url_dbname . '&table=' . urlencode($tablename) . '&reload=1">' . htmlspecialchars($tablename) . '</a></i>' . "\n";
+                echo '    - ' . $GLOBALS['strTable'] . ' <i><a href="' . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query'] . '&db=' . $url_dbname . '&table=' . htmlspecialchars(urlencode($tablename)) . '&reload=1">' . htmlspecialchars($tablename) . '</a></i>' . "\n";
             }
             unset($url_dbname);
         }
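Review bot: `htmlspecialchars(urlencode(...))` is a no-op: `urlencode()` emits only alphanumerics, `-_.`, `+` and `%XX` escapes, none of which `htmlspecialchars()` touches, so the wrappers added on the `username`, `hostname`, `$url_dbname` and `table` parameters change nothing — and they make the untouched fourth `printf` argument in the next hunk (`urlencode(... $row['Table_name'])`) look unsafe when it is equally safe. If the intent is defence in depth, apply it uniformly and say so once, e.g. `// urlencode() already yields HTML-safe output; htmlspecialchars() is belt-and-braces`; otherwise drop the wrappers to keep the lines readable. What does merit a look in these hrefs is `$GLOBALS['url_query']`, concatenated unescaped and built outside the hunk — presumably already `&amp;`-separated and escaped by its generator, but that is not visible here.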
@@ -1839,16 +1839,16 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
                     }
                     echo '</td>' . "\n"
                        . '    <td>';
-                    printf($link_edit, urlencode($username),
-                        urlencode($hostname),
-                        urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname),
+                    printf($link_edit, htmlspecialchars(urlencode($username)),
+                        htmlspecialchars(urlencode($hostname)),
+                        htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
                         urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
                     echo '</td>' . "\n"
                        . '    <td>';
                     if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
-                        printf($link_revoke, urlencode($username),
-                            urlencode($hostname),
-                            urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname),
+                        printf($link_revoke, htmlspecialchars(urlencode($username)),
+                            htmlspecialchars(urlencode($hostname)),
+                            htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
                             urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
                     }
                     echo '</td>' . "\n"
diff --git a/sql.php b/sql.php
index 35bdab5..2a744c5 100644
--- a/sql.php
+++ b/sql.php
@@ -175,14 +175,14 @@ if ($do_confirm) {
         .PMA_generate_common_hidden_inputs($db, $table);
     ?>
     <input type="hidden" name="sql_query" value="<?php echo htmlspecialchars($sql_query); ?>" />
-    <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" />
+    <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows, true) : ''; ?>" />
     <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
-    <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" />
-    <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" />
-    <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" />
-    <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge) : ''; ?>" />
-    <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey) : ''; ?>" />
-    <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query) : ''; ?>" />
+    <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back, true) : ''; ?>" />
+    <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload, true) : 0; ?>" />
+    <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge, true) : ''; ?>" />
+    <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge, true) : ''; ?>" />
+    <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey, true) : ''; ?>" />
+    <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query, true) : ''; ?>" />
     <?php
     echo '<fieldset class="confirmation">' . "\n"
         .'    <legend>' . $strDoYouReally . '</legend>'
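Review bot: `$goto` on the context line `<input type="hidden" name="goto" value="<?php echo $goto; ?>" />` is the one hidden field in this form still written into an attribute unescaped while every sibling now goes through `PMA_sanitize(..., true)`; if `$goto` originates from the request, as it commonly does in this codebase's page-to-page navigation, it needs `htmlspecialchars($goto)` here too. Separately, PMA_sanitize performs bbcode-to-HTML rewriting before escaping, so round-tripping plain flags such as `reload`, `purge` and `purgekey` through it can alter their values if they ever contain `[`...`]` sequences; for fields that are data rather than messages, plain `htmlspecialchars()` is the more faithful choice.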
diff --git a/tbl_sql.php b/tbl_sql.php
index f27a3b9..f9c71d8 100644
--- a/tbl_sql.php
+++ b/tbl_sql.php
@@ -37,7 +37,7 @@ require_once './libraries/tbl_links.inc.php';
 /**
  * Query box, bookmark, insert data from textfile
  */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 
 /**
  * Displays the footer
diff --git a/translators.html b/translators.html
index 2fb69de..b271c13 100644
--- a/translators.html
+++ b/translators.html
@@ -8,7 +8,7 @@
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-    <title>phpMyAdmin 2.11.10 - Official translators</title>
+    <title>phpMyAdmin 2.11.10.1 - Official translators</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -31,7 +31,7 @@
     <li><a href="Documentation.html#glossary">Glossary</a></li>
 </ul>
 
-<h1>phpMyAdmin 2.11.10 official translators list</h1>
+<h1>phpMyAdmin 2.11.10.1 official translators list</h1>
 
 <p> Here is the list of the "official translators" of
     phpMyAdmin.</p>


hooks/post-receive
-- 
phpMyAdmin



