[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_2_11, updated. RELEASE_2_11_11_1-12-g373a662
Michal Čihař
nijel at users.sourceforge.net
Thu Jan 6 09:59:33 CET 2011
The branch, QA_2_11 has been updated
via 373a6626ade37c0fee1dfc7c757ca55c7652874b (commit)
via 60bdae640377ed32c717e6f863b77359f04a7bb5 (commit)
via 3f9fd2594076bd8ee0825b59f7caf55be102ce4f (commit)
via b01a58118f973f98ab99a4bb28d340af49fa251f (commit)
via 61d9e561580ccb4a07d6d0c5695c839a22cc3b78 (commit)
via a6e79391b92a48ffef307fa107ce1a61965e4244 (commit)
via 21f624a26574fd45c043ddd27bf5a190b80c2757 (commit)
via e1f4901ffc400b6d2df15eac0ba5015fe48a27c4 (commit)
from 68213538d7b53e3c97b8730a2e6a0e897b8b5ce9 (commit)
- Log -----------------------------------------------------------------
commit 373a6626ade37c0fee1dfc7c757ca55c7652874b
Author: Michal Čihař <mcihar at novell.com>
Date: Thu Jan 6 09:57:13 2011 +0100
Do not load common with PMA_MINIMUM_COMMON
Defining PMA_MINIMUM_COMMON skips authentication, which should not be
done for this file.
commit 60bdae640377ed32c717e6f863b77359f04a7bb5
Author: Michal Čihař <mcihar at novell.com>
Date: Thu Jan 6 09:53:11 2011 +0100
Add .gitignore from master.
commit 3f9fd2594076bd8ee0825b59f7caf55be102ce4f
Merge: b01a58118f973f98ab99a4bb28d340af49fa251f 61d9e561580ccb4a07d6d0c5695c839a22cc3b78
Author: Michal Čihař <mcihar at novell.com>
Date: Thu Jan 6 09:49:31 2011 +0100
Merge remote branch 'origin/MAINT_2_11_11' into QA_2_11
commit b01a58118f973f98ab99a4bb28d340af49fa251f
Author: Michal Čihař <mcihar at novell.com>
Date: Thu Jan 6 09:39:23 2011 +0100
Remove error.php
Redirecting to another script introduces the possibility of injecting custom
messages into it. Though there is no clear security issue in this, it
might confuse users and mislead them into going to an external site, as it allows
links to be included.
Conflicts:
error.php
libraries/core.lib.php
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 31 ++++++++++++++++
ChangeLog | 4 +-
error.php | 87 ----------------------------------------------
libraries/common.inc.php | 1 -
libraries/core.lib.php | 12 +++---
libraries/error.inc.php | 57 ++++++++++++++++++++++++++++++
phpinfo.php | 1 -
themes/.gitignore | 29 +++++++++++++++
8 files changed, 125 insertions(+), 97 deletions(-)
create mode 100644 .gitignore
delete mode 100644 error.php
create mode 100644 libraries/error.inc.php
create mode 100644 themes/.gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a773f8e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,31 @@
+# Directory for creating releases
+release
+# Configuration files
+config.inc.php
+config.header.inc.php
+config.footer.inc.php
+# Upload/save dirs
+upload
+save
+# For setup script
+config
+# ctags
+tags
+# Editor files
+phpmyadmin.wpj
+.projectOptions
+.vimrc
+.project
+.settings
+.buildpath
+.cache
+.idea
+*.sw[op]
+# Locales
+locale
+# Backups
+*~
+# Javascript sources
+sources
+# API documentation
+apidoc
diff --git a/ChangeLog b/ChangeLog
index a98d172..b0663e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,8 +7,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
2.11.12.0 (not yet released)
-2.11.11.1 (2010-11-26)
-- bug #3115519 (private) [security] XSS on db search
+2.11.11.1 (2010-11-29)
+- bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8
2.11.11.0 (2010-09-07)
- [core] Fix broken cleanup of $_GET
diff --git a/error.php b/error.php
deleted file mode 100644
index 750ac60..0000000
--- a/error.php
+++ /dev/null
@@ -1,87 +0,0 @@
-<?php
-/* vim: set expandtab sw=4 ts=4 sts=4: */
-/**
- * phpMyAdmin fatal error display page
- *
- * @version $Id$
- */
-
-/* Input sanitizing */
-require_once './libraries/sanitizing.lib.php';
-
-/* Get variables */
-if (! empty($_REQUEST['lang']) && is_string($_REQUEST['lang'])) {
- $lang = htmlspecialchars($_REQUEST['lang']);
-} else {
- $lang = 'en';
-}
-
-if (! empty($_REQUEST['dir']) && is_string($_REQUEST['dir'])) {
- $dir = htmlspecialchars($_REQUEST['dir']);
-} else {
- $dir = 'ltr';
-}
-
-if (! empty($_REQUEST['type']) && is_string($_REQUEST['type'])) {
- $type = htmlspecialchars($_REQUEST['type']);
-} else {
- $type = 'error';
-}
-
-// force utf-8 to avoid XSS with crafted URL and utf-7 in charset parameter
-$charset = 'utf-8';
-
-header('Content-Type: text/html; charset=' . $charset);
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" dir="<?php echo $dir; ?>">
-<head>
- <link rel="icon" href="./favicon.ico" type="image/x-icon" />
- <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
- <title>phpMyAdmin</title>
- <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
- <style type="text/css">
- <!--
- html {
- padding: 0;
- margin: 0;
- }
- body {
- font-family: sans-serif;
- font-size: small;
- color: #000000;
- background-color: #F5F5F5;
- margin: 1em;
- }
- h1 {
- margin: 0;
- padding: 0.3em;
- font-size: 1.4em;
- font-weight: bold;
- color: #ffffff;
- background-color: #ff0000;
- }
- p {
- margin: 0;
- padding: 0.5em;
- border: 0.1em solid red;
- background-color: #ffeeee;
- }
- //-->
- </style>
-</head>
-<body>
-<h1>phpMyAdmin - <?php echo $type; ?></h1>
-<p><?php
-if (!empty($_REQUEST['error'])) {
- if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
- echo PMA_sanitize(stripslashes($_REQUEST['error']));
- } else {
- echo PMA_sanitize($_REQUEST['error']);
- }
-} else {
- echo 'No error message!';
-}
-?></p>
-</body>
-</html>
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 4cb4692..ea9f2d8 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -305,7 +305,6 @@ $goto_whitelist = array(
'db_printview.php',
'db_search.php',
//'Documentation.html',
- //'error.php',
'export.php',
'import.php',
//'index.php',
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
index 669efec..a84e056 100644
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -241,18 +241,18 @@ function PMA_fatalError($error_message, $message_args = null)
$error_message = strtr($error_message, array('<br />' => '[br]'));
// Displays the error message
- // (do not use & for parameters sent by header)
- header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php'
- . '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2])
- . '&dir=' . urlencode($GLOBALS['text_dir'])
- . '&type=' . urlencode($GLOBALS['strError'])
- . '&error=' . urlencode($error_message));
+ $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
+ $dir = $GLOBALS['text_dir'];
+ $type = $GLOBALS['strError'];
+ $error = $error_message;
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
}
+ require('./libraries/error.inc.php');
+
exit;
}
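Review bot: The new `PMA_fatalError` body assigns `$type` and `$error`, but the template it then requires reads `$error_header` and `$error_message` (libraries/error.inc.php in this same commit), so the `<h1>` is rendered from an undefined variable and `$error` is never used; only `$lang`, `$dir` and the `$error_message` parameter actually reach the page. Change the two assignments to match what the include expects: `$error_header = $GLOBALS['strError'];` and drop `$error = $error_message;`. The removed redirect also prefixed `../` when `PMA_SETUP` was defined, whereas the new `require('./libraries/error.inc.php')` always uses the top-level path, so unless the setup scripts change directory before calling this the include would not resolve from there — worth confirming. `PMA_fatalError` starts outside the hunk.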
diff --git a/libraries/error.inc.php b/libraries/error.inc.php
new file mode 100644
index 0000000..95d8847
--- /dev/null
+++ b/libraries/error.inc.php
@@ -0,0 +1,57 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * phpMyAdmin fatal error display page
+ *
+ * @package phpMyAdmin
+ */
+
+if (! defined('PHPMYADMIN')) {
+ exit;
+}
+
+header('Content-Type: text/html; charset=utf-8');
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" dir="<?php echo $dir; ?>">
+<head>
+ <link rel="icon" href="./favicon.ico" type="image/x-icon" />
+ <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
+ <title>phpMyAdmin</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <style type="text/css">
+ <!--
+ html {
+ padding: 0;
+ margin: 0;
+ }
+ body {
+ font-family: sans-serif;
+ font-size: small;
+ color: #000000;
+ background-color: #F5F5F5;
+ margin: 1em;
+ }
+ h1 {
+ margin: 0;
+ padding: 0.3em;
+ font-size: 1.4em;
+ font-weight: bold;
+ color: #ffffff;
+ background-color: #ff0000;
+ }
+ p {
+ margin: 0;
+ padding: 0.5em;
+ border: 0.1em solid red;
+ background-color: #ffeeee;
+ }
+ //-->
+ </style>
+</head>
+<body>
+<h1>phpMyAdmin - <?php echo $error_header; ?></h1>
+<p><?php echo PMA_sanitize($error_message); ?></p>
+</body>
+</html>
+
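Review bot: `$lang` and `$dir` are echoed straight into the `xml:lang` and `dir` attributes on the `<html>` line without escaping, whereas the deleted error.php passed them through `htmlspecialchars()` first. They now come from the caller's `$GLOBALS` rather than the request, so the exposure is much smaller, but the include cannot know every future caller and escaping attribute values at the output point is free: `<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo htmlspecialchars($lang); ?>" dir="<?php echo htmlspecialchars($dir); ?>">`. A short note in the file's header docblock listing the variables the include expects its caller to set (`$lang`, `$dir`, `$error_header`, `$error_message`) would also make that contract explicit, since nothing in the file declares it.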
diff --git a/phpinfo.php b/phpinfo.php
index 56a4c9c..02c6138 100644
--- a/phpinfo.php
+++ b/phpinfo.php
@@ -8,7 +8,6 @@
/**
* Gets core libraries and defines some variables
*/
-define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';
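Review bot: The removed `define` was the only thing making this script bypass authentication, and nothing in the file now records why it must stay out, so a later tidy-up could reintroduce it. A one-line comment above the require, such as `// Load the full common.inc.php (including authentication): phpinfo() output must not be reachable anonymously`, would carry the reason from the commit message into the code.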
diff --git a/themes/.gitignore b/themes/.gitignore
new file mode 100644
index 0000000..55144c0
--- /dev/null
+++ b/themes/.gitignore
@@ -0,0 +1,29 @@
+aqua
+aqua_brushed
+arctic_ocean
+cactica_blues
+clearview3
+crimson_gray
+dark_lime
+darkblue_gray
+garvblue
+graphivore
+green_orange
+grid
+hillside
+openphpnuke
+original_small
+paradice
+pixeline
+pmahomme
+silk
+silkline
+smooth_yellow
+very_small
+xampp
+xp_basic
+xp_blue
+xp_dirty
+xp_green
+xp_silver
+programmersdarkside
hooks/post-receive