[Phpmyadmin-git] [SCM] phpMyAdmin branch, TESTING, updated. RELEASE_3_3_5_1-9-gfbfc4d6

Michal Čihař nijel at users.sourceforge.net
Fri Aug 20 14:09:26 CEST 2010


The branch, TESTING has been updated
       via  fbfc4d6e6d1be2314ed1d3e13142b1bb861fbfab (commit)
       via  5a0fec9b3c6327bf8d4be31190f0a780a0071e2c (commit)
       via  d128f806057e752db082272fd5e5c2f7244821b9 (commit)
       via  59b3b4916b31fa44f31b1e2d243ca7dda012ba37 (commit)
       via  782b8b46be4f06c695ab713eeefbd75970358e2f (commit)
       via  bf60ec82e948450ae18b9e66c48d27da55ebe860 (commit)
       via  f273e6cbf6e2eea7367f7ef9c63c97ea55b92ca0 (commit)
       via  d2e0e09e0d402555a6223f0b683fdbfa97821a63 (commit)
       via  b337f45a0a1ba8ff28e3d13f194f137e9aa85e8e (commit)
       via  05ca00e0a20d0eb4848d69bf7a1365df5bba872d (commit)
       via  48e909660032ddcbc13172830761e363e7a64d72 (commit)
       via  be0f47a93141e2950ad400b8d22a2a98512825c2 (commit)
       via  cd205cc55a46e3dc0f8883966f5c854f842e1000 (commit)
       via  7dc6cea06522b2d4af50934c983f3967540a4918 (commit)
       via  6028221d97efa2a7d56a61ab4c5750d1b2343619 (commit)
       via  2a1233b69ccc6c64819c2840ca5277c2dde0b9e0 (commit)
       via  25ac7de38c125d8067f42bab24212891389ac1e3 (commit)
       via  fa30188dde357426d339d0d7e29a3969f88d188a (commit)
       via  00add5c43f594f80dab6304a5bb35d2e50540d2d (commit)
       via  c75e41d5d8cdd9bbc745c8cbe2c16998fda1de0c (commit)
       via  533e10213590e7ccd83b98a5cd19ba1c3be119dd (commit)
       via  ea3b718fc379c15e773cc2f18ea4c8ccfa9af57b (commit)
       via  7f266483b827fb05a4be11663003418c2ef1c878 (commit)
       via  5bcd95a42c8ba924d389eafee4d7be80bd4039a3 (commit)
       via  6d548f7d449b7d4b796949d10a503484f63eaf82 (commit)
      from  b40458875721cefa2ee16241e7a657463452999d (commit)


- Log -----------------------------------------------------------------
commit fbfc4d6e6d1be2314ed1d3e13142b1bb861fbfab
Merge: b40458875721cefa2ee16241e7a657463452999d 5a0fec9b3c6327bf8d4be31190f0a780a0071e2c
Author: Michal Čihař <mcihar at novell.com>
Date:   Fri Aug 20 13:55:43 2010 +0200

    Merge branch 'MAINT_3_3_5' into TESTING

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                            |    3 +++
 Documentation.html                   |    4 ++--
 README                               |    4 ++--
 db_search.php                        |    2 +-
 db_sql.php                           |    2 +-
 error.php                            |   10 +++++++---
 libraries/Config.class.php           |    2 +-
 libraries/common.lib.php             |    9 +++++----
 libraries/database_interface.lib.php |    4 ++++
 libraries/db_info.inc.php            |    3 ++-
 libraries/dbi/mysql.dbi.lib.php      |    2 ++
 libraries/dbi/mysqli.dbi.lib.php     |    2 ++
 libraries/sanitizing.lib.php         |   17 +++++++++++++++--
 libraries/sqlparser.lib.php          |    2 +-
 server_databases.php                 |   22 ++++++++++++++++++----
 server_privileges.php                |   30 +++++++++++++++---------------
 sql.php                              |   14 +++++++-------
 tbl_sql.php                          |    2 +-
 translators.html                     |    4 ++--
 19 files changed, 91 insertions(+), 47 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 53adf96..4183ff5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
+3.3.5.1 (2010-10-20)
+- [core] Fixed various XSS issues, see PMASA-2010-5 for more details.
+
 3.3.5.0 (2010-07-26)
 - patch #2932113 [information_schema] Slow export when having lots of
   databases, thanks to Stéphane Pontier - shadow_walker
diff --git a/Documentation.html b/Documentation.html
index 100b9ae..289d02a 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.3.5 - Documentation</title>
+    <title>phpMyAdmin 3.3.5.1 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
 <div id="header">
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.3.5 
+        3.3.5.1
         Documentation
     </h1>
 </div>
diff --git a/README b/README
index 279f66f..072d0d9 100644
--- a/README
+++ b/README
@@ -5,8 +5,8 @@ phpMyAdmin - Readme
 
   A set of PHP-scripts to manage MySQL over the web.
 
-  Version 3.3.5
-  -------------
+  Version 3.3.5.1
+  ---------------
   http://www.phpmyadmin.net/
 
     Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com>
diff --git a/db_search.php b/db_search.php
index 751675d..455aa61 100644
--- a/db_search.php
+++ b/db_search.php
@@ -355,7 +355,7 @@ $alter_select =
     <tr><td align="right">
             <?php echo $GLOBALS['strSearchInField']; ?></td>
         <td><input type="text" name="field_str" size="60"
-                value="<?php echo ! empty($field_str) ? $field_str : ''; ?>" /></td>
+                value="<?php echo ! empty($field_str) ? htmlspecialchars($field_str) : ''; ?>" /></td>
     </tr>
     </table>
 </fieldset>
diff --git a/db_sql.php b/db_sql.php
index 2ac198b..420561e 100644
--- a/db_sql.php
+++ b/db_sql.php
@@ -37,7 +37,7 @@ if ($num_tables == 0 && empty($db_query_force)) {
 /**
  * Query box, bookmark, insert data from textfile
  */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 
 /**
  * Displays the footer
diff --git a/error.php b/error.php
index 674d08e..7e86ffb 100644
--- a/error.php
+++ b/error.php
@@ -76,10 +76,14 @@ header('Content-Type: text/html; charset=' . $charset);
 <body>
 <h1>phpMyAdmin - <?php echo $type; ?></h1>
 <p><?php
-if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
-    echo PMA_sanitize(stripslashes($_REQUEST['error']));
+if (!empty($_REQUEST['error'])) {
+    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
+        echo PMA_sanitize(stripslashes($_REQUEST['error']));
+    } else {
+        echo PMA_sanitize($_REQUEST['error']);
+    }
 } else {
-    echo PMA_sanitize($_REQUEST['error']);
+    echo 'No error message!';
 }
 ?></p>
 </body>
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index e73de8b..0ac18b2 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -92,7 +92,7 @@ class PMA_Config
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '3.3.5');
+        $this->set('PMA_VERSION', '3.3.5.1');
         /**
          * @deprecated
          */
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index c62d518..4a9c789 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -575,7 +575,7 @@ function PMA_mysqlDie($error_message = '', $the_query = '',
         $formatted_sql = '';
     } else {
         if (strlen($the_query) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) {
-            $formatted_sql = substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) . '[...]';
+            $formatted_sql = htmlspecialchars(substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL'])) . '[...]';
         } else {
             $formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query);
         }
@@ -705,22 +705,23 @@ function PMA_mysqlDie($error_message = '', $the_query = '',
 function PMA_sendHeaderLocation($uri)
 {
     if (PMA_IS_IIS && strlen($uri) > 600) {
+        require_once './libraries/js_escape.lib.php';
 
         echo '<html><head><title>- - -</title>' . "\n";
         echo '<meta http-equiv="expires" content="0">' . "\n";
         echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
         echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
-        echo '<meta http-equiv="Refresh" content="0;url=' .$uri . '">' . "\n";
+        echo '<meta http-equiv="Refresh" content="0;url=' .  htmlspecialchars($uri) . '">' . "\n";
         echo '<script type="text/javascript">' . "\n";
         echo '//<![CDATA[' . "\n";
-        echo 'setTimeout("window.location = unescape(\'"' . $uri . '"\')", 2000);' . "\n";
+        echo 'setTimeout("window.location = unescape(\'"' . PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
         echo '//]]>' . "\n";
         echo '</script>' . "\n";
         echo '</head>' . "\n";
         echo '<body>' . "\n";
         echo '<script type="text/javascript">' . "\n";
         echo '//<![CDATA[' . "\n";
-        echo 'document.write(\'<p><a href="' . $uri . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n";
+        echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n";
         echo '//]]>' . "\n";
         echo '</script></body></html>' . "\n";
 
diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php
index a7d9e72..3c0408d 100644
--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
@@ -205,6 +205,10 @@ function PMA_usort_comparison_callback($a, $b)
     } else {
         $sorter = 'strcasecmp';
     }
+    /* No sorting when key is not present */
+    if (!isset($a[$GLOBALS['callback_sort_by']]) || ! isset($b[$GLOBALS['callback_sort_by']])) {
+        return 0;
+    }
     // produces f.e.:
     // return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
     return ($GLOBALS['callback_sort_order'] == 'ASC' ? 1 : -1) * $sorter($a[$GLOBALS['callback_sort_by']], $b[$GLOBALS['callback_sort_by']]);
diff --git a/libraries/db_info.inc.php b/libraries/db_info.inc.php
index 4f59baa..1e5b401 100644
--- a/libraries/db_info.inc.php
+++ b/libraries/db_info.inc.php
@@ -213,7 +213,8 @@ if (! isset($sot_ready)) {
         );
 
         // Make sure the sort type is implemented
-        if ($sort = $sortable_name_mappings[$_REQUEST['sort']]) {
+        if (isset($sortable_name_mappings[$_REQUEST['sort']])) {
+            $sort = $sortable_name_mappings[$_REQUEST['sort']];
             if ($_REQUEST['sort_order'] == 'DESC') {
                 $sort_order = 'DESC';
             }
diff --git a/libraries/dbi/mysql.dbi.lib.php b/libraries/dbi/mysql.dbi.lib.php
index 2754588..4750ee2 100644
--- a/libraries/dbi/mysql.dbi.lib.php
+++ b/libraries/dbi/mysql.dbi.lib.php
@@ -348,6 +348,8 @@ function PMA_DBI_getError($link = null)
         $error_message = PMA_DBI_convert_message($error_message);
     }
 
+    $error_message = htmlspecialchars($error_message);
+
     // Some errors messages cannot be obtained by mysql_error()
     if ($error_number == 2002) {
         $error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
diff --git a/libraries/dbi/mysqli.dbi.lib.php b/libraries/dbi/mysqli.dbi.lib.php
index 913bce6..52f7601 100644
--- a/libraries/dbi/mysqli.dbi.lib.php
+++ b/libraries/dbi/mysqli.dbi.lib.php
@@ -406,6 +406,8 @@ function PMA_DBI_getError($link = null)
         $error_message = PMA_DBI_convert_message($error_message);
     }
 
+    $error_message = htmlspecialchars($error_message);
+
     if ($error_number == 2002) {
         $error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
     } else {
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index 2b54bf1..d17fc50 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -9,17 +9,26 @@
 
 /**
  * Sanitizes $message, taking into account our special codes
- * for formatting
+ * for formatting.
+ *
+ * If you want to include result in element attribute, you should escape it.
+ *
+ * Examples:
+ *
+ * <p><?php echo PMA_sanitize($foo); ?></p>
+ *
+ * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
  *
  * @uses    preg_replace()
  * @uses    strtr()
  * @param   string   the message
+ * @param   boolean  whether to escape html in result
  *
  * @return  string   the sanitized message
  *
  * @access  public
  */
-function PMA_sanitize($message)
+function PMA_sanitize($message, $escape = false)
 {
     $replace_pairs = array(
         '<'         => '<',
@@ -67,6 +76,10 @@ function PMA_sanitize($message)
         $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
     }
 
+    if ($escape) {
+        $message = htmlspecialchars($message);
+    }
+
     return $message;
 }
 ?>
diff --git a/libraries/sqlparser.lib.php b/libraries/sqlparser.lib.php
index 53f239a..f844e23 100644
--- a/libraries/sqlparser.lib.php
+++ b/libraries/sqlparser.lib.php
@@ -2456,7 +2456,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
             }
             $after                 .= "\n";
 */
-            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
+            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
         } // end for
         if ($mode=='color') {
             $str .= '</span>';
diff --git a/server_databases.php b/server_databases.php
index 47037cc..5e6d0ec 100644
--- a/server_databases.php
+++ b/server_databases.php
@@ -22,7 +22,21 @@ require './libraries/replication.inc.php';
 if (empty($_REQUEST['sort_by'])) {
     $sort_by = 'SCHEMA_NAME';
 } else {
-    $sort_by = PMA_sanitize($_REQUEST['sort_by']);
+    $sort_by_whitelist = array(
+        'SCHEMA_NAME',
+        'DEFAULT_COLLATION_NAME',
+        'SCHEMA_TABLES',
+        'SCHEMA_TABLE_ROWS',
+        'SCHEMA_DATA_LENGTH',
+        'SCHEMA_INDEX_LENGTH',
+        'SCHEMA_LENGTH',
+        'SCHEMA_DATA_FREE'
+    );
+    if (in_array($_REQUEST['sort_by'], $sort_by_whitelist)) {
+        $sort_by = $_REQUEST['sort_by'];
+    } else {
+        $sort_by = 'SCHEMA_NAME';
+    }
 }
 
 if (isset($_REQUEST['sort_order'])
@@ -342,11 +356,11 @@ if ($databases_count > 0) {
     unset($column_order, $stat_name, $stat, $databases, $table_columns);
 
     if ($is_superuser || $cfg['AllowUserDropDatabase']) {
-        $common_url_query = PMA_generate_common_url() . '&sort_by=' . $sort_by . '&sort_order=' . $sort_order . '&dbstats=' . $dbstats;
+        $common_url_query = PMA_generate_common_url(array('sort_by' => $sort_by, 'sort_order' => $sort_order, 'dbstats' => $dbstats));
         echo '<img class="selectallarrow" src="' . $pmaThemeImage . 'arrow_' . $text_dir . '.png" width="38" height="22" alt="' . $strWithChecked . '" />' . "\n"
-           . '<a href="./server_databases.php?' . $common_url_query . '&checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
+           . '<a href="./server_databases.php' . $common_url_query . '&checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
            . '    ' . $strCheckAll . '</a> / ' . "\n"
-           . '<a href="./server_databases.php?' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
+           . '<a href="./server_databases.php' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
            . '    ' . $strUncheckAll . '</a>' . "\n"
            . '<i>' . $strWithChecked . '</i>' . "\n";
         PMA_buttonOrImage('drop_selected_dbs', 'mult_submit', 'drop_selected_dbs', $strDrop, 'b_deltbl.png');
diff --git a/server_privileges.php b/server_privileges.php
index fd2796f..d43896b 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -1151,7 +1151,7 @@ if (!empty($update_privs)) {
     }
     $sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
     $message = PMA_Message::success('strUpdatePrivMessage');
-    $message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
+    $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
 }
 
 
@@ -1175,7 +1175,7 @@ if (isset($_REQUEST['revokeall'])) {
     }
     $sql_query = $sql_query0 . ' ' . $sql_query1;
     $message = PMA_Message::success('strRevokeMessage');
-    $message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
+    $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
     if (! isset($tablename)) {
         unset($dbname);
     } else {
@@ -1211,7 +1211,7 @@ if (isset($_REQUEST['change_pw'])) {
         PMA_DBI_try_query($local_query)
             or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
         $message = PMA_Message::success('strPasswordChanged');
-        $message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
+        $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
     }
 }
 
@@ -1590,8 +1590,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
 
         if (isset($dbname)) {
             echo ' <i><a href="server_privileges.php?'
-                . $GLOBALS['url_query'] . '&username=' . urlencode($username)
-                . '&hostname=' . urlencode($hostname) . '&dbname=&tablename=">\''
+                . $GLOBALS['url_query'] . '&username=' . htmlspecialchars(urlencode($username))
+                . '&hostname=' . htmlspecialchars(urlencode($hostname)) . '&dbname=&tablename=">\''
                 . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname)
                 . '\'</a></i>' . "\n";
             $url_dbname = urlencode(str_replace(array('\_', '\%'), array('_', '%'), $dbname));
@@ -1599,8 +1599,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
             echo ' - ' . ($dbname_is_wildcard ? $GLOBALS['strDatabases'] : $GLOBALS['strDatabase'] );
             if (isset($tablename)) {
                 echo ' <i><a href="server_privileges.php?' . $GLOBALS['url_query']
-                    . '&username=' . urlencode($username) . '&hostname=' . urlencode($hostname)
-                    . '&dbname=' . $url_dbname . '&tablename=">' . htmlspecialchars($dbname) . '</a></i>';
+                    . '&username=' . htmlspecialchars(urlencode($username)) . '&hostname=' . htmlspecialchars(urlencode($hostname))
+                    . '&dbname=' . htmlspecialchars($url_dbname) . '&tablename=">' . htmlspecialchars($dbname) . '</a></i>';
                 echo ' - ' . $GLOBALS['strTable'] . ' <i>' . htmlspecialchars($tablename) . '</i>';
             } else {
                 echo ' <i>' . htmlspecialchars($dbname) . '</i>';
@@ -1834,16 +1834,16 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
                     }
                     echo '</td>' . "\n"
                        . '    <td>';
-                    printf($link_edit, urlencode($username),
-                        urlencode($hostname),
-                        urlencode((! isset($dbname)) ? $row['Db'] : $dbname),
+                    printf($link_edit, htmlspecialchars(urlencode($username)),
+                        urlencode(htmlspecialchars($hostname)),
+                        urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)),
                         urlencode((! isset($dbname)) ? '' : $row['Table_name']));
                     echo '</td>' . "\n"
                        . '    <td>';
                     if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
-                        printf($link_revoke, urlencode($username),
-                            urlencode($hostname),
-                            urlencode((! isset($dbname)) ? $row['Db'] : $dbname),
+                        printf($link_revoke, htmlspecialchars(urlencode($username)),
+                            urlencode(htmlspecialchars($hostname)),
+                            urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)),
                             urlencode((! isset($dbname)) ? '' : $row['Table_name']));
                     }
                     echo '</td>' . "\n"
@@ -1923,7 +1923,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
             if (isset($tablename)) {
                 echo ' [ ' . $GLOBALS['strTable'] . ' <a href="'
                     . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query']
-                    . '&db=' . $url_dbname . '&table=' . urlencode($tablename)
+                    . '&db=' . $url_dbname . '&table=' . htmlspecialchars(urlencode($tablename))
                     . '&reload=1">' . htmlspecialchars($tablename) . ': '
                     . PMA_getTitleForTarget($GLOBALS['cfg']['DefaultTabTable'])
                     . "</a> ]\n";
@@ -2150,7 +2150,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
 
     // Offer to create a new user for the current database
     echo '<fieldset id="fieldset_add_user">' . "\n"
-       . '    <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&adduser=1&dbname=' . $checkprivs .'">' . "\n"
+       . '    <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&adduser=1&dbname=' . htmlspecialchars($checkprivs) .'">' . "\n"
        . PMA_getIcon('b_usradd.png')
        . '        ' . $GLOBALS['strAddUser'] . '</a>' . "\n"
        . '</fieldset>' . "\n";
diff --git a/sql.php b/sql.php
index 4898860..15b1beb 100644
--- a/sql.php
+++ b/sql.php
@@ -175,14 +175,14 @@ if ($do_confirm) {
         .PMA_generate_common_hidden_inputs($db, $table);
     ?>
     <input type="hidden" name="sql_query" value="<?php echo htmlspecialchars($sql_query); ?>" />
-    <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" />
+    <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows, true) : ''; ?>" />
     <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
-    <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" />
-    <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" />
-    <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" />
-    <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge) : ''; ?>" />
-    <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey) : ''; ?>" />
-    <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query) : ''; ?>" />
+    <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back, true) : ''; ?>" />
+    <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload, true) : 0; ?>" />
+    <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge, true) : ''; ?>" />
+    <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge, true) : ''; ?>" />
+    <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey, true) : ''; ?>" />
+    <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query, true) : ''; ?>" />
     <?php
     echo '<fieldset class="confirmation">' . "\n"
         .'    <legend>' . $strDoYouReally . '</legend>'
diff --git a/tbl_sql.php b/tbl_sql.php
index 5565d92..f3c3aac 100644
--- a/tbl_sql.php
+++ b/tbl_sql.php
@@ -38,7 +38,7 @@ require_once './libraries/tbl_links.inc.php';
 /**
  * Query box, bookmark, insert data from textfile
  */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 
 /**
  * Displays the footer
diff --git a/translators.html b/translators.html
index d847a9e..eb8c6ff 100644
--- a/translators.html
+++ b/translators.html
@@ -11,7 +11,7 @@
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.3.5 - Official translators</title>
+    <title>phpMyAdmin 3.3.5.1 - Official translators</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -19,7 +19,7 @@
 <div id="header">
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.3.5 
+        3.3.5.1
         official translators list
     </h1>
 </div>


hooks/post-receive
-- 
phpMyAdmin




More information about the Git mailing list