[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-11737-g7e197b6

Marc Delisle lem9 at users.sourceforge.net
Sat Jul 23 14:34:50 CEST 2011


The branch, master has been updated
       via  7e197b695e50f3ba751e48cc45f28ab397534f6f (commit)
       via  3534dda30a587eafe3bf5016f2fb302dbc224c2e (commit)
       via  bd63726ee3daf32799f499b61d7cde973d8e8660 (commit)
       via  09c0f7ae557e40102fbfd23c4bea4939e19f0f29 (commit)
       via  571cdc6ff4bf375871b594f4e06f8ad3159d1754 (commit)
       via  e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 (commit)
       via  3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 (commit)
       via  3caa6cbb7ed1b1933c3bded493a2fbc8273d746f (commit)
       via  f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c (commit)
       via  951fb4dd79253a3aca8b6e386db77c1affcfc3a9 (commit)
       via  4bd27166c314faa37cada91533b86377f4d4d214 (commit)
       via  a0823be05aa5835f207c0838b9cca67d2d9a050a (commit)
       via  d7cffc5dbde68342d46e891ea2c8bd72de134f43 (commit)
      from  5bc41ef1dc31019daaa0933bec967ebff63b55e0 (commit)


- Log -----------------------------------------------------------------
commit 7e197b695e50f3ba751e48cc45f28ab397534f6f
Merge: 5bc41ef1dc31019daaa0933bec967ebff63b55e0 3534dda30a587eafe3bf5016f2fb302dbc224c2e
Author: Marc Delisle <marc at infomarc.info>
Date:   Sat Jul 23 08:25:49 2011 -0400

    Fix merge conflicts

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                 |   18 ++++++++++-----
 libraries/auth/swekey/swekey.auth.lib.php |   32 +++++++++++++++-------------
 libraries/schema/User_Schema.class.php    |    7 ++++-
 schema_export.php                         |    4 ++-
 sql.php                                   |    4 +-
 tbl_printview.php                         |    4 +-
 6 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 16e3cac..feefa80 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,12 @@ phpMyAdmin - ChangeLog
 - bug #3372807 [interface] Fix security warning link in setup
 - bug #3374347 [display] Backquotes in normal text on import page
 
+3.4.3.2 (2011-07-23)
+- [security] Fixed XSS vulnerability, see PMASA-2011-9
+- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
+- [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
+
 3.4.3.1 (2011-07-02)
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
@@ -153,7 +159,7 @@ phpMyAdmin - ChangeLog
 + patch #2974341 [structure] Clicking on table name in db Structure should 
   Browse the table if possible, thanks to bhdouglass - dougboybhd
 + patch #2975533 [search] New search operators, thanks to
-  Martynas Mickevičius
+  Martynas Mickevičius
 + patch #2967320 [designer] Colored relations based on the primary key,
   thanks to GreenRover - greenrover
 - [core] Provide way for vendors to easily change paths to config files.
@@ -307,7 +313,7 @@ phpMyAdmin - ChangeLog
 
 3.3.7.0 (2010-09-07)
 - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
-  a page size increase, thanks to Martin Schönberger - mad05
+  a page size increase, thanks to Martin Schönberger - mad05
 
 3.3.6.0 (2010-08-28)
 - bug #3033063 [core] Navi gets wrong db name
@@ -328,7 +334,7 @@ phpMyAdmin - ChangeLog
 
 3.3.5.0 (2010-07-26)
 - patch #2932113 [information_schema] Slow export when having lots of
-  databases, thanks to Stéphane Pontier - shadow_walker
+  databases, thanks to Stéphane Pontier - shadow_walker
 - bug #3022705 [import] Import button does not work in Catalan when there
   is no progress bar possible
 - bug [replication] Do not offer information_schema in the list of databases
@@ -368,9 +374,9 @@ phpMyAdmin - ChangeLog
 - patch #2984893 [engines] InnoDB storage page emits a warning,
   thanks to Madhura Jayaratne - madhuracj
 - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work,
-  thanks to Björn Wiberg - bwiberg
+  thanks to Björn Wiberg - bwiberg
 - bug #2983066 [interface] Flush table on table operations shows the query twice, 
-  thanks to Martynas Mickevičius - BlinK_
+  thanks to Martynas Mickevičius - BlinK_
 - bug #2983060, patch #2987900 [interface] Fix initial state of tables in
   designer, thanks to Sutharshan Balachandren.
 - bug #2983062, patch #2989408 [engines] Fix warnings when changing table
@@ -449,7 +455,7 @@ phpMyAdmin - ChangeLog
 + rfe #2839504 [engines] Support InnoDB plugin's new row formats 
 + [core] Added ability for synchronizing databases among servers.
 + [lang] #2843101 Dutch update, thanks to scavenger2008
-+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
++ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
 + [export] Added MediaWiki export module,
   thanks to Derek Schaefer - drummingds1
 + [lang] Turkish update, thanks to Burak Yavuz
diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index 184c845..fae3531 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -143,7 +143,9 @@ function Swekey_auth_error()
         return "Internal Error: CA File $caFile not found";
 
     $result = null;
-    parse_str($_SERVER['QUERY_STRING']);
+	$swekey_id = $_GET['swekey_id'];
+	$swekey_otp = $_GET['swekey_otp'];
+
     if (isset($swekey_id)) {
         unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
         if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
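Review bot: The two added assignments read `$_GET['swekey_id']` and `$_GET['swekey_otp']` without checking that the keys exist or that the values are strings. A request without them raises undefined-index notices, and an array-valued parameter would pass the `isset($swekey_id)` test below and reach the `htmlspecialchars($swekey_id)` call added in the next hunk of this file. I would write `$swekey_id = (isset($_GET['swekey_id']) && is_string($_GET['swekey_id'])) ? $_GET['swekey_id'] : null;` and the same for `$swekey_otp`. The new lines are also indented with tabs while the surrounding code uses four spaces. Swekey_auth_error() starts and ends outside the hunk.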
@@ -166,7 +168,7 @@ function Swekey_auth_error()
                 $result = __('No valid authentication key plugged');
                 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
                 {
-                    $result .= "<br>".$swekey_id;
+                    $result .= "<br>" . htmlspecialchars($swekey_id);
                 }
                 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
              }
@@ -184,19 +186,19 @@ function Swekey_auth_error()
     if (! isset($swekey_id)) {
         ?>
         <script>
-        if (key.length != 32)
-        {
-            window.location.search="?swekey_id=" + key;
-        }
-        else
-        {
-            var url = "" + window.location;
-            if (url.indexOf("?") > 0)
-                url = url.substr(0, url.indexOf("?"));
-            Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
-             var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
-            window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
-        }
+	if (key.length != 32)
+	{
+	    window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
+	}
+	else
+	{
+	    var url = "" + window.location;
+	    if (url.indexOf("?") > 0)
+	        url = url.substr(0, url.indexOf("?"));
+	    Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
+	    var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
+	    window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
+	}
         </script>
         <?php
         return __('Authenticating...');
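Review bot: The added `<?php echo $_SESSION[' PMA_token ']; ?>` writes the session token into a JavaScript string literal that becomes a URL query, in three places, with no encoding for either context. Even if the token is presumably a fixed-alphabet string, I would emit it as `<?php echo urlencode($_SESSION[' PMA_token ']); ?>` and pass the client-side value as `encodeURIComponent(key)`, so the output stays well-formed whatever the values hold. Placing the token in `window.location.search` also puts it in browser history and server access logs, which deserves a comment saying this is accepted. The rewritten script lines switch from spaces to tabs, and the function continues outside the hunk.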
diff --git a/libraries/schema/User_Schema.class.php b/libraries/schema/User_Schema.class.php
index eb96835..aa39ec5 100644
--- a/libraries/schema/User_Schema.class.php
+++ b/libraries/schema/User_Schema.class.php
@@ -562,10 +562,13 @@ class PMA_User_Schema
         require_once './libraries/transformations.lib.php';
         require_once './libraries/Index.class.php';
         /**
-         * default is PDF
+         * default is PDF, otherwise validate it's only letters a-z
          */
         global  $db,$export_type;
-        $export_type            = isset($export_type) ? $export_type : 'pdf';
+        if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+            $export_type = 'pdf';
+        }
+
         PMA_DBI_select_db($db);
 
         include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php");
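Review bot: The pattern `/^[a-zA-Z]+$/` in the added check still accepts a value that ends in a newline, because `$` in PCRE also matches just before a final line break; anchor it with `\z` or the `D` modifier, e.g. `preg_match('/^[a-zA-Z]+\z/', $export_type)`. The same check is added in schema_export.php and needs the same change. A letters-only value that names no existing `*_Relation_Schema.class.php` file still reaches the `include` on the last line, so comparing against a fixed list of supported export types would be tighter than a character filter. The updated comment says a-z while the pattern also allows A-Z. The enclosing method starts and ends outside the hunk.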
diff --git a/schema_export.php b/schema_export.php
index 0a21d32..3e1067d 100644
--- a/schema_export.php
+++ b/schema_export.php
@@ -37,7 +37,9 @@ include_once("./libraries/schema/Export_Relation_Schema.class.php");
  * default is PDF
  */
 global  $db,$export_type;
-$export_type = isset($export_type) ? $export_type : 'pdf';
+if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+    $export_type = 'pdf';
+}
 PMA_DBI_select_db($db);
 
 $path = PMA_securePath(ucfirst($export_type));
diff --git a/sql.php b/sql.php
index 7ce5b24..4d22876 100644
--- a/sql.php
+++ b/sql.php
@@ -779,8 +779,8 @@ if (0 == $num_rows || $is_affected) {
             $edited_values = array();
             parse_str($_REQUEST['transform_fields_list'], $edited_values);
 
-            foreach ($mime_map as $transformation) {
-                $include_file = $transformation['transformation'];
+            foreach($mime_map as $transformation) {
+                $include_file = PMA_securePath($transformation['transformation']);
                 $column_name = $transformation['column_name'];
                 $column_data = $edited_values[$column_name];
 
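Review bot: The added `PMA_securePath($transformation['transformation'])` filters the path but does not tie `$include_file` to a known transformation file. What PMA_securePath removes and how `$include_file` is used are both outside this hunk, so the filter cannot be confirmed as sufficient from here. If the value is later included, I would check it against the transformation files that actually ship with the application before use, and add a comment above the call such as `// value from $mime_map is not trusted: only a known transformation file may be included`. The hunk also drops the space in `foreach (`, which departs from the form used elsewhere on this page (`foreach ($the_tables as $key => $table)`).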
diff --git a/tbl_printview.php b/tbl_printview.php
index 2e40587..9b7e7ff 100644
--- a/tbl_printview.php
+++ b/tbl_printview.php
@@ -69,7 +69,7 @@ if ($multi_tables) {
         $tbl_list .= (empty($tbl_list) ? '' : ', ')
                   . PMA_backquote($table);
     }
-    echo '<strong>'.  __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n";
+    echo '<strong>'.  __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
     echo '<hr />' . "\n";
 } // end if
 
@@ -84,7 +84,7 @@ foreach ($the_tables as $key => $table) {
     }
     $counter++;
     echo '<div' . $breakstyle . '>' . "\n";
-    echo '<h1>' . $table . '</h1>' . "\n";
+    echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
 
     /**
      * Gets table informations


hooks/post-receive
-- 
phpMyAdmin



