[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_3, updated. RELEASE_3_3_10_1-16-g1d60fb6

Marc Delisle lem9 at users.sourceforge.net
Sun Jul 3 02:56:02 CEST 2011


The branch, QA_3_3 has been updated
       via  1d60fb6da9bc9488c897f57efca21cb683ca8b8a (commit)
       via  b8be5ebe2f98354eb7273e12a32f450daaa1479f (commit)
       via  ab31a2565f494c69e6b0d9a82a2932c7656592b5 (commit)
       via  5ee357a572866e730d83f56d6187a67c7c48e523 (commit)
       via  911a83393e5b7064084fd140889d0fb2f3166b99 (commit)
       via  ca74f480f119a53ef07ca40d2ab28f063cc89ec9 (commit)
       via  2e01647949df937040e73a94ce0bac0daecbdcf4 (commit)
       via  6e6e129f26295c83d67b74e202628a4b8bc49e54 (commit)
       via  6eae88e65f39347e480cf67008f3d98f19f47248 (commit)
      from  1ec75facafab7fc88e486a20222c07c88730a925 (commit)


- Log -----------------------------------------------------------------
commit 1d60fb6da9bc9488c897f57efca21cb683ca8b8a
Author: Marc Delisle <marc at infomarc.info>
Date:   Sat Jul 2 20:45:06 2011 -0400

    3.3.10.2 release

commit b8be5ebe2f98354eb7273e12a32f450daaa1479f
Merge: 1ec75facafab7fc88e486a20222c07c88730a925 ab31a2565f494c69e6b0d9a82a2932c7656592b5
Author: Marc Delisle <marc at infomarc.info>
Date:   Sat Jul 2 20:42:04 2011 -0400

    Merge branch 'MAINT_3_3_10' into QA_3_3

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                 |    7 +++++++
 libraries/auth/swekey/swekey.auth.lib.php |    5 ++---
 libraries/display_tbl.lib.php             |    2 +-
 libraries/server_synchronize.lib.php      |    2 +-
 setup/lib/ConfigFile.class.php            |    2 +-
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 920123b..0aa00f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,13 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 
 3.3.11.0 (not yet released)
 
+3.3.10.2 (2011-07-02)
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
+- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
+- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
+- [security] Fixed filtering of a file path, which allowed for directory travers
+al, see PMASA-2011-8
+
 3.3.10.1 (2011-05-20)
 - [security] XSS on Tracking page
 
diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index 3dbad75..2a790c4 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
 	}
 }
 
-if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
+if (!empty($_GET['session_to_unset']))
 {
-    parse_str($_SERVER['QUERY_STRING']);
 	session_write_close();
-	session_id($session_to_unset);
+	session_id($_GET['session_to_unset']);
 	session_start();
 	$_SESSION = array();
 	session_write_close();
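Review bot: The value handed to session_id() on the `session_id($_GET['session_to_unset']);` line is still taken verbatim from the request; the new condition only checks that it is non-empty. PHP session ids consist solely of the characters the session module generates, so an id containing anything else reaches session_start() and yields a warning or a failed start instead of a clean rejection, and the block still clears whichever session the request names. A format check on the condition line rejects malformed input before any session call: `if (!empty($_GET['session_to_unset']) && preg_match('/^[a-zA-Z0-9,-]{1,128}$/', $_GET['session_to_unset']))`. The if block closes outside the hunk, so whatever follows the second session_write_close() is not visible here.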
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 7ef333d..186ce3e 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -1220,7 +1220,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
             if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
 
                 if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
-                    $include_file = $GLOBALS['mime_map'][$meta->name]['transformation'];
+                    $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
 
                     if (file_exists('./libraries/transformations/' . $include_file)) {
                         $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
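Review bot: The function name on the last hunk line is still derived from the raw `$GLOBALS['mime_map'][$meta->name]['transformation']` value, while the include path one line earlier now goes through PMA_securePath(); if the two differ, the file that passes file_exists() and the function name resolved from the mime map no longer correspond. Deriving both from the sanitised value keeps them aligned: `$transformfunction_name = str_replace('.inc.php', '', $include_file);`. What PMA_securePath() strips is not visible on this page, and the include and the function call presumably follow outside the hunk; PMA_displayTableBody continues beyond it.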
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index 79948b9..646ef25 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -624,7 +624,7 @@ function PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, &$uncomm
         $Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link);
 
         // Replace the src table name with a `dbname`.`tablename`
-        $Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/', 
+        $Create_Table_Query = preg_replace('/' . preg_quote(PMA_backquote($uncommon_tables[$table_index]), '/') . '/', 
                                             PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]),
                                             $Create_Query,
                                             $limit = 1
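Review bot: The fourth argument on the last hunk line, `$limit = 1`, is an assignment expression used as an argument; it passes 1 but also creates a local `$limit` that nothing in the hunk reads, and it reads as if preg_replace() took a named parameter. Passing the literal with a comment, `1 // replace only the first occurrence, the table name in the CREATE TABLE prefix`, says the same without the side effect. The preg_quote() addition is the right fix; the pattern stays unanchored, so the replacement relies on the backquoted table name being the first match in the SHOW CREATE TABLE output. PMA_createTargetTables continues outside the hunk.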
diff --git a/setup/lib/ConfigFile.class.php b/setup/lib/ConfigFile.class.php
index c0ff63d..978eba3 100644
--- a/setup/lib/ConfigFile.class.php
+++ b/setup/lib/ConfigFile.class.php
@@ -286,7 +286,7 @@ class ConfigFile
         if ($this->getServerCount() > 0) {
             $ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf;
             foreach ($c['Servers'] as $id => $server) {
-                $ret .= '/* Server: ' . strtr($this->getServerName($id), '*/', '-') . " [$id] */" . $crlf
+                $ret .= '/* Server: ' . strtr($this->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
                     . '$i++;' . $crlf;
                 foreach ($server as $k => $v) {
                     $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
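Review bot: The guard on the `strtr($this->getServerName($id) . " [$id] ", '*/', '-')` line depends on a subtle property of strtr(): with a two-character from-string and a one-character to-string, the extra character of the longer string is ignored, so only `*` is replaced and `/` is left as is. The emitted text still cannot close the comment because no `*` survives, but the line reads as though both characters were replaced. `str_replace(array('*', '/'), '-', $this->getServerName($id) . " [$id] ")` does what the line appears to say and no longer leans on that edge case. The enclosing method starts and ends outside the hunk.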


hooks/post-receive
-- 
phpMyAdmin



