[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_3, updated. RELEASE_3_3_10_2-16-g8a5c5c8

Marc Delisle lem9 at users.sourceforge.net
Sat Jul 23 13:58:01 CEST 2011


The branch, QA_3_3 has been updated
       via  8a5c5c8ef525e59f3368f993d3cc0ab2bb57ea7e (commit)
       via  6cb0ad8a0de2890ef9cf895804455d1d6206df72 (commit)
       via  2254a70fad144a2b6b3820c325be7304765e41d7 (commit)
       via  8ac8328229ae7493d6060b6272578d85879c698d (commit)
       via  630b8260be45eb9b211f5d7628dbb9e5c1b05bc6 (commit)
       via  f6f6ee3f1171addb166fa18e75a0b56599bf374c (commit)
      from  1d60fb6da9bc9488c897f57efca21cb683ca8b8a (commit)


- Log -----------------------------------------------------------------
commit 8a5c5c8ef525e59f3368f993d3cc0ab2bb57ea7e
Merge: 1d60fb6da9bc9488c897f57efca21cb683ca8b8a 6cb0ad8a0de2890ef9cf895804455d1d6206df72
Author: Marc Delisle <marc at infomarc.info>
Date:   Sat Jul 23 07:56:45 2011 -0400

    Fix merge conflicts

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                 |    4 ++++
 libraries/auth/swekey/swekey.auth.lib.php |   12 +++++++-----
 tbl_printview.php                         |    4 ++--
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0aa00f1..f0200a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,10 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 
 3.3.11.0 (not yet released)
 
+3.3.10.3 (2011-07-23)
+- [security] Fixed XSS vulnerability, see PMASA-2011-9
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
+
 3.3.10.2 (2011-07-02)
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index 2a790c4..197de1c 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -143,7 +143,9 @@ function Swekey_auth_error()
         return "Internal Error: CA File $caFile not found";
 
     $result = null;
-    parse_str($_SERVER['QUERY_STRING']);
+	$swekey_id = $_GET['swekey_id'];
+	$swekey_otp = $_GET['swekey_otp'];
+
     if (isset($swekey_id)) {
         unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
         if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
@@ -166,7 +168,7 @@ function Swekey_auth_error()
                 $result = $GLOBALS['strSwekeyNoKey'];
                 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
                 {
-                    $result .= "<br>".$swekey_id;
+                    $result .= "<br>" . htmlspecialchars($swekey_id);
                 }
                 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
              }
@@ -186,16 +188,16 @@ function Swekey_auth_error()
         <script>
 	    if (key.length != 32)
 	    {
-	        window.location.search="?swekey_id=" + key;
+	        window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
 	    }
 	    else
 	    {
 	        var url = "" + window.location;
 	        if (url.indexOf("?") > 0)
 	            url = url.substr(0, url.indexOf("?"));
-	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
+	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
 	     	var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
-	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
+	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
 	    }
         </script>
         <?php
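Review bot: The value of `$_SESSION[' PMA_token ']` is echoed raw into three JavaScript string literals on the added lines, repeating the same PHP expression each time with no JS-side escaping; the token is server-generated, so this is presumably not exploitable, but the pattern is fragile and the same line is easy to get wrong on the next edit. Emitting it once through `json_encode()` (which yields a valid JS string literal) and reusing a local variable keeps one escaping point and shortens the three URL assignments. Note also that the token now travels in the query string of the redirects and the unplug URL, so it will appear in server logs and Referer headers of the following page; that appears to be how the token check is wired elsewhere, so I only flag it for awareness. The enclosing Swekey_auth_error() begins and ends outside this hunk.
```php
        <script>
        var token = encodeURIComponent(<?php echo json_encode($_SESSION[' PMA_token ']); ?>);
	    if (key.length != 32)
	    {
	        window.location.search="?swekey_id=" + key + "&token=" + token;
	    }
	    else
	    {
	        // … unchanged: url computation …
	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=" + token);
	        var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=" + token;
	    }
```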
diff --git a/tbl_printview.php b/tbl_printview.php
index c5b17ab..2b38e24 100644
--- a/tbl_printview.php
+++ b/tbl_printview.php
@@ -72,7 +72,7 @@ if ($multi_tables) {
         $tbl_list .= (empty($tbl_list) ? '' : ', ')
                   . PMA_backquote($table);
     }
-    echo '<strong>'.  $strShowTables . ': ' . $tbl_list . '</strong>' . "\n";
+    echo '<strong>'.  $strShowTables . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
     echo '<hr />' . "\n";
 } // end if
 
@@ -87,7 +87,7 @@ foreach ($the_tables as $key => $table) {
     }
     $counter++;
     echo '<div' . $breakstyle . '>' . "\n";
-    echo '<h1>' . $table . '</h1>' . "\n";
+    echo '<h1>' .  htmlspecialchars($table) . '</h1>' . "\n";
 
     /**
      * Gets table informations

