[Phpmyadmin-git] [SCM] phpMyAdmin branch, TESTING, updated. RELEASE_3_4_3_2-40-g2c2f798

Marc Delisle lem9 at users.sourceforge.net
Sat Jul 23 14:58:47 CEST 2011


The branch, TESTING has been updated
       via  2c2f7988ca2241fcbcfc44485a3491483de9562e (commit)
       via  ff536da86576efe733e4dfb5d69c8481ae590e2e (commit)
       via  bd63726ee3daf32799f499b61d7cde973d8e8660 (commit)
       via  09c0f7ae557e40102fbfd23c4bea4939e19f0f29 (commit)
       via  571cdc6ff4bf375871b594f4e06f8ad3159d1754 (commit)
       via  e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 (commit)
       via  3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 (commit)
       via  3caa6cbb7ed1b1933c3bded493a2fbc8273d746f (commit)
       via  f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c (commit)
       via  951fb4dd79253a3aca8b6e386db77c1affcfc3a9 (commit)
       via  4bd27166c314faa37cada91533b86377f4d4d214 (commit)
       via  a0823be05aa5835f207c0838b9cca67d2d9a050a (commit)
       via  d7cffc5dbde68342d46e891ea2c8bd72de134f43 (commit)
      from  50efb55a96643e997120a88e06b1a854b2feebd7 (commit)


- Log -----------------------------------------------------------------
commit 2c2f7988ca2241fcbcfc44485a3491483de9562e
Merge: 50efb55a96643e997120a88e06b1a854b2feebd7 ff536da86576efe733e4dfb5d69c8481ae590e2e
Author: Marc Delisle <marc at infomarc.info>
Date:   Sat Jul 23 08:43:27 2011 -0400

    Merge branch 'MAINT_3_4_3' into TESTING

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                 |   18 ++++++++++++------
 Documentation.html                        |    4 ++--
 README                                    |    2 +-
 libraries/Config.class.php                |    2 +-
 libraries/auth/swekey/swekey.auth.lib.php |   12 +++++++-----
 libraries/schema/User_Schema.class.php    |    7 +++++--
 schema_export.php                         |    4 +++-
 sql.php                                   |    2 +-
 tbl_printview.php                         |    4 ++--
 9 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 28a5ee0..24ff73c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
 phpMyAdmin - ChangeLog
 ======================
 
+3.4.3.2 (2011-07-23)
+- [security] Fixed XSS vulnerability, see PMASA-2011-9
+- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
+- [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
+
 3.4.3.1 (2011-07-02)
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
@@ -95,7 +101,7 @@ phpMyAdmin - ChangeLog
 + patch #2974341 [structure] Clicking on table name in db Structure should 
   Browse the table if possible, thanks to bhdouglass - dougboybhd
 + patch #2975533 [search] New search operators, thanks to
-  Martynas Mickevičius
+  Martynas Mickevičius
 + patch #2967320 [designer] Colored relations based on the primary key,
   thanks to GreenRover - greenrover
 - [core] Provide way for vendors to easily change paths to config files.
@@ -252,7 +258,7 @@ phpMyAdmin - ChangeLog
 
 3.3.7.0 (2010-09-07)
 - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
-  a page size increase, thanks to Martin Schönberger - mad05
+  a page size increase, thanks to Martin Schönberger - mad05
 
 3.3.6.0 (2010-08-28)
 - bug #3033063 [core] Navi gets wrong db name
@@ -273,7 +279,7 @@ phpMyAdmin - ChangeLog
 
 3.3.5.0 (2010-07-26)
 - patch #2932113 [information_schema] Slow export when having lots of
-  databases, thanks to Stéphane Pontier - shadow_walker
+  databases, thanks to Stéphane Pontier - shadow_walker
 - bug #3022705 [import] Import button does not work in Catalan when there
   is no progress bar possible
 - bug [replication] Do not offer information_schema in the list of databases
@@ -313,9 +319,9 @@ phpMyAdmin - ChangeLog
 - patch #2984893 [engines] InnoDB storage page emits a warning,
   thanks to Madhura Jayaratne - madhuracj
 - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work,
-  thanks to Björn Wiberg - bwiberg
+  thanks to Björn Wiberg - bwiberg
 - bug #2983066 [interface] Flush table on table operations shows the query twice, 
-  thanks to Martynas Mickevičius - BlinK_
+  thanks to Martynas Mickevičius - BlinK_
 - bug #2983060, patch #2987900 [interface] Fix initial state of tables in
   designer, thanks to Sutharshan Balachandren.
 - bug #2983062, patch #2989408 [engines] Fix warnings when changing table
@@ -394,7 +400,7 @@ phpMyAdmin - ChangeLog
 + rfe #2839504 [engines] Support InnoDB plugin's new row formats 
 + [core] Added ability for synchronizing databases among servers.
 + [lang] #2843101 Dutch update, thanks to scavenger2008
-+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
++ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
 + [export] Added MediaWiki export module,
   thanks to Derek Schaefer - drummingds1
 + [lang] Turkish update, thanks to Burak Yavuz
diff --git a/Documentation.html b/Documentation.html
index 25b9731..15f8000 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -9,7 +9,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.4.3.1 - Documentation</title>
+    <title>phpMyAdmin 3.4.3.2 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -17,7 +17,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
 <div id="header">
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.4.3.1
+        3.4.3.2
         Documentation
     </h1>
 </div>
diff --git a/README b/README
index e57152a..65f7c52 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 3.4.3.1
+Version 3.4.3.2
 
 A set of PHP-scripts to manage MySQL over the web.
 
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 28625f2..0cec6a9 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -96,7 +96,7 @@ class PMA_Config
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '3.4.3.1');
+        $this->set('PMA_VERSION', '3.4.3.2');
         /**
          * @deprecated
          */
diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index c5f613b..8ec5ab4 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -143,7 +143,9 @@ function Swekey_auth_error()
         return "Internal Error: CA File $caFile not found";
 
     $result = null;
-    parse_str($_SERVER['QUERY_STRING']);
+	$swekey_id = $_GET['swekey_id'];
+	$swekey_otp = $_GET['swekey_otp'];
+
     if (isset($swekey_id)) {
         unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
         if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
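Review bot: The two added assignments read `$_GET['swekey_id']` and `$_GET['swekey_otp']` unconditionally, so a request without those parameters raises an undefined-index notice, and a request that sends `swekey_id[]=...` passes an array into the later string uses (the `htmlspecialchars($swekey_id)` added in the next hunk would then warn). I would guard both reads, e.g. `$swekey_id = (isset($_GET['swekey_id']) && is_string($_GET['swekey_id'])) ? $_GET['swekey_id'] : null;` and the same for `swekey_otp`; the existing `isset($swekey_id)` test keeps working with that form. The new lines are also indented with tabs while the surrounding PHP uses spaces. Swekey_auth_error() starts and ends outside this hunk.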
@@ -166,7 +168,7 @@ function Swekey_auth_error()
                 $result = __('No valid authentication key plugged');
                 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
                 {
-                    $result .= "<br>".$swekey_id;
+                    $result .= "<br>" . htmlspecialchars($swekey_id);
                 }
                 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
              }
@@ -186,16 +188,16 @@ function Swekey_auth_error()
         <script>
 	    if (key.length != 32)
 	    {
-	        window.location.search="?swekey_id=" + key;
+	        window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
 	    }
 	    else
 	    {
 	        var url = "" + window.location;
 	        if (url.indexOf("?") > 0)
 	            url = url.substr(0, url.indexOf("?"));
-	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
+	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
 	     	var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
-	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
+	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
 	    }
         </script>
         <?php
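Review bot: The three added `&token=<?php echo $_SESSION[' PMA_token ']; ?>` fragments write the session value straight into a JavaScript string literal that becomes a URL, with no encoding for either context. That is only safe while the token is guaranteed to contain nothing but URL- and JS-safe characters, which this hunk does not show. I would build the fragment once before the `<script>` block, e.g. `$token_param = '&token=' . urlencode($_SESSION[' PMA_token ']);`, and echo `$token_param` in the three places; the `session_id()` value on the `Swekey_SetUnplugUrl` line deserves the same treatment. Because the token now travels in the query string, it will also show up in web-server access logs and Referer headers, which is worth a short comment here.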
diff --git a/libraries/schema/User_Schema.class.php b/libraries/schema/User_Schema.class.php
index fbec138..cb42dde 100644
--- a/libraries/schema/User_Schema.class.php
+++ b/libraries/schema/User_Schema.class.php
@@ -567,10 +567,13 @@ class PMA_User_Schema
         require_once './libraries/transformations.lib.php';
         require_once './libraries/Index.class.php';
         /**
-         * default is PDF
+         * default is PDF, otherwise validate it's only letters a-z
          */
         global  $db,$export_type;
-        $export_type            = isset($export_type) ? $export_type : 'pdf';
+        if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+            $export_type = 'pdf';
+        }
+
         PMA_DBI_select_db($db);
 
         include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php");
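Review bot: The new pattern `/^[a-zA-Z]+$/` still accepts a value with a trailing newline, because `$` in PCRE also matches just before a final `\n`; anchoring with `\z` (`'/^[a-zA-Z]+\z/'`) or adding the `D` modifier closes that gap before the value reaches the `include` below. The identical check added in schema_export.php has the same gap. Since the value selects a file to include, an explicit allow-list of the supported export types would be stricter than a character-class test, and as written an alphabetic name with no matching class file goes on to a failing `include` instead of falling back to `pdf`. The updated comment says "letters a-z" while the pattern also accepts upper case. The enclosing method starts and ends outside this hunk.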
diff --git a/schema_export.php b/schema_export.php
index 0a21d32..3e1067d 100644
--- a/schema_export.php
+++ b/schema_export.php
@@ -37,7 +37,9 @@ include_once("./libraries/schema/Export_Relation_Schema.class.php");
  * default is PDF
  */
 global  $db,$export_type;
-$export_type = isset($export_type) ? $export_type : 'pdf';
+if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+    $export_type = 'pdf';
+}
 PMA_DBI_select_db($db);
 
 $path = PMA_securePath(ucfirst($export_type));
diff --git a/sql.php b/sql.php
index 9b19174..eb9254f 100644
--- a/sql.php
+++ b/sql.php
@@ -719,7 +719,7 @@ if (0 == $num_rows || $is_affected) {
             parse_str($_REQUEST['transform_fields_list'], $edited_values);
 
             foreach($mime_map as $transformation) {
-                $include_file = $transformation['transformation'];
+                $include_file = PMA_securePath($transformation['transformation']);
                 $column_name = $transformation['column_name'];
                 $column_data = $edited_values[$column_name];
 
diff --git a/tbl_printview.php b/tbl_printview.php
index 74b6818..ce007d1 100644
--- a/tbl_printview.php
+++ b/tbl_printview.php
@@ -69,7 +69,7 @@ if ($multi_tables) {
         $tbl_list .= (empty($tbl_list) ? '' : ', ')
                   . PMA_backquote($table);
     }
-    echo '<strong>'.  __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n";
+    echo '<strong>'.  __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
     echo '<hr />' . "\n";
 } // end if
 
@@ -84,7 +84,7 @@ foreach ($the_tables as $key => $table) {
     }
     $counter++;
     echo '<div' . $breakstyle . '>' . "\n";
-    echo '<h1>' . $table . '</h1>' . "\n";
+    echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
 
     /**
      * Gets table informations


hooks/post-receive
-- 
phpMyAdmin



