[Phpmyadmin-git] [SCM] phpMyAdmin branch, MAINT_3_3_10, updated. RELEASE_3_3_10_1-6-gab31a25
Marc Delisle
lem9 at users.sourceforge.net
Sun Jul 3 02:54:53 CEST 2011
The branch, MAINT_3_3_10 has been updated
via ab31a2565f494c69e6b0d9a82a2932c7656592b5 (commit)
via 5ee357a572866e730d83f56d6187a67c7c48e523 (commit)
via 911a83393e5b7064084fd140889d0fb2f3166b99 (commit)
via ca74f480f119a53ef07ca40d2ab28f063cc89ec9 (commit)
via 2e01647949df937040e73a94ce0bac0daecbdcf4 (commit)
via 6e6e129f26295c83d67b74e202628a4b8bc49e54 (commit)
from 6eae88e65f39347e480cf67008f3d98f19f47248 (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
Documentation.html | 4 ++--
README | 2 +-
libraries/Config.class.php | 2 +-
libraries/auth/swekey/swekey.auth.lib.php | 5 ++---
libraries/display_tbl.lib.php | 2 +-
libraries/server_synchronize.lib.php | 2 +-
setup/lib/ConfigFile.class.php | 2 +-
translators.html | 4 ++--
9 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f207579..3816fdc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
+3.3.10.2 (2011-07-02)
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
+- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
+- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
+- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
+
3.3.10.1 (2011-05-20)
- [security] XSS on Tracking page
diff --git a/Documentation.html b/Documentation.html
index 7797037..89640a1 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>phpMyAdmin 3.3.10.1 - Documentation</title>
+ <title>phpMyAdmin 3.3.10.2 - Documentation</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
<div id="header">
<h1>
<a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
- 3.3.10.1
+ 3.3.10.2
Documentation
</h1>
</div>
diff --git a/README b/README
index 3e821bf..5bce68c 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ phpMyAdmin - Readme
A set of PHP-scripts to manage MySQL over the web.
- Version 3.3.10.1
+ Version 3.3.10.2
----------------
http://www.phpmyadmin.net/
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 614cc2e..79a006b 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -92,7 +92,7 @@ class PMA_Config
*/
function checkSystem()
{
- $this->set('PMA_VERSION', '3.3.10.1');
+ $this->set('PMA_VERSION', '3.3.10.2');
/**
* @deprecated
*/
diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index 3dbad75..2a790c4 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
}
}
-if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
+if (!empty($_GET['session_to_unset']))
{
- parse_str($_SERVER['QUERY_STRING']);
session_write_close();
- session_id($session_to_unset);
+ session_id($_GET['session_to_unset']);
session_start();
$_SESSION = array();
session_write_close();
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 7ef333d..186ce3e 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -1220,7 +1220,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
- $include_file = $GLOBALS['mime_map'][$meta->name]['transformation'];
+ $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
if (file_exists('./libraries/transformations/' . $include_file)) {
$transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index 79948b9..646ef25 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -624,7 +624,7 @@ function PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, &$uncomm
$Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link);
// Replace the src table name with a `dbname`.`tablename`
- $Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/',
+ $Create_Table_Query = preg_replace('/' . preg_quote(PMA_backquote($uncommon_tables[$table_index]), '/') . '/',
PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]),
$Create_Query,
$limit = 1
diff --git a/setup/lib/ConfigFile.class.php b/setup/lib/ConfigFile.class.php
index c0ff63d..978eba3 100644
--- a/setup/lib/ConfigFile.class.php
+++ b/setup/lib/ConfigFile.class.php
@@ -286,7 +286,7 @@ class ConfigFile
if ($this->getServerCount() > 0) {
$ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf;
foreach ($c['Servers'] as $id => $server) {
- $ret .= '/* Server: ' . strtr($this->getServerName($id), '*/', '-') . " [$id] */" . $crlf
+ $ret .= '/* Server: ' . strtr($this->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
. '$i++;' . $crlf;
foreach ($server as $k => $v) {
$k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
diff --git a/translators.html b/translators.html
index 3238f69..5ca2669 100644
--- a/translators.html
+++ b/translators.html
@@ -11,7 +11,7 @@
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>phpMyAdmin 3.3.10.1 - Official translators</title>
+ <title>phpMyAdmin 3.3.10.2 - Official translators</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -19,7 +19,7 @@
<div id="header">
<h1>
<a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
- 3.3.10.1
+ 3.3.10.2
official translators list
</h1>
</div>
hooks/post-receive
--
phpMyAdmin
More information about the Git
mailing list