[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_1RC1-29-g20cf179
Marc Delisle
lem9 at users.sourceforge.net
Fri May 20 18:57:30 CEST 2011
The branch, QA_3_4 has been updated
via 20cf17923e321718aa6d19fb9dc846625c1879fb (commit)
via 89c8f3cbfe5356995ad71e5a41438e81fa994a55 (commit)
via 8fd8e3efd86b119ca5be7aaa9e047c92bfd06c23 (commit)
via 7e10c132a3887c8ebfd7a8eee356b28375f1e287 (commit)
via d3ccf798fdbd4f8a89d4088130637d8dee918492 (commit)
from e22344168fa0c717538f78e4b4e5935dd78dc69d (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 4 ++++
libraries/tbl_links.inc.php | 2 +-
tbl_tracking.php | 12 ++++++------
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b766a76..a7c19b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,7 @@
- bug #3285929 [privileges] Revert temporary fix
- bug #3302872 [synchronize] Synchronize and user name
- bug #3302733 [core] Some browsers report an insecure https connection
+- [security] Make redirector require valid token
3.4.0.0 (2011-05-11)
+ rfe #2890226 [view] Enable VIEW rename
@@ -172,6 +173,9 @@
3.3.11.0 (not yet released)
+3.3.10.1 (2011-05-20)
+- [security] XSS on Tracking page
+
3.3.10.0 (2011-03-19)
- patch #3147400 [structure] Aria table size printed as unknown,
thanks to erickoh75 - erickoh75
diff --git a/libraries/tbl_links.inc.php b/libraries/tbl_links.inc.php
index bc72d21..e31dd53 100644
--- a/libraries/tbl_links.inc.php
+++ b/libraries/tbl_links.inc.php
@@ -112,7 +112,7 @@ unset($tabs);
if(PMA_Tracker::isActive() and PMA_Tracker::isTracked($GLOBALS["db"], $GLOBALS["table"]))
{
- $msg = PMA_Message::notice('<a href="tbl_tracking.php?'.$url_query.'">'.sprintf(__('Tracking of %s.%s is activated.'), $GLOBALS["db"], $GLOBALS["table"]).'</a>');
+ $msg = PMA_Message::notice('<a href="tbl_tracking.php?'.$url_query.'">'.sprintf(__('Tracking of %s.%s is activated.'), htmlspecialchars($GLOBALS["db"]), htmlspecialchars($GLOBALS["table"])).'</a>');
$msg->display();
}
diff --git a/tbl_tracking.php b/tbl_tracking.php
index 757456b..99a540e 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -179,7 +179,7 @@ if (isset($_REQUEST['submit_create_version'])) {
$tracking_set = rtrim($tracking_set, ',');
if (PMA_Tracker::createVersion($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'], $tracking_set )) {
- $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), $_REQUEST['version'], $GLOBALS['db'], $GLOBALS['table']));
+ $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), $_REQUEST['version'], htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])));
$msg->display();
}
}
@@ -187,7 +187,7 @@ if (isset($_REQUEST['submit_create_version'])) {
// Deactivate tracking
if (isset($_REQUEST['submit_deactivate_now'])) {
if (PMA_Tracker::deactivateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) {
- $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), $GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version']));
+ $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), $_REQUEST['version']));
$msg->display();
}
}
@@ -195,7 +195,7 @@ if (isset($_REQUEST['submit_deactivate_now'])) {
// Activate tracking
if (isset($_REQUEST['submit_activate_now'])) {
if (PMA_Tracker::activateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) {
- $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), $GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version']));
+ $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), $_REQUEST['version']));
$msg->display();
}
}
@@ -632,7 +632,7 @@ if ($last_version > 0) {
<div id="div_deactivate_tracking">
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<fieldset>
- <legend><?php printf(__('Deactivate tracking for %s.%s'), $GLOBALS['db'], $GLOBALS['table']); ?></legend>
+ <legend><?php printf(__('Deactivate tracking for %s.%s'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo $last_version; ?>" />
<input type="submit" name="submit_deactivate_now" value="<?php echo __('Deactivate now'); ?>" />
</fieldset>
@@ -645,7 +645,7 @@ if ($last_version > 0) {
<div id="div_activate_tracking">
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<fieldset>
- <legend><?php printf(__('Activate tracking for %s.%s'), $GLOBALS['db'], $GLOBALS['table']); ?></legend>
+ <legend><?php printf(__('Activate tracking for %s.%s'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo $last_version; ?>" />
<input type="submit" name="submit_activate_now" value="<?php echo __('Activate now'); ?>" />
</fieldset>
@@ -660,7 +660,7 @@ if ($last_version > 0) {
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<?php echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']); ?>
<fieldset>
- <legend><?php printf(__('Create version %s of %s.%s'), ($last_version + 1), $GLOBALS['db'], $GLOBALS['table']); ?></legend>
+ <legend><?php printf(__('Create version %s of %s.%s'), ($last_version + 1), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo ($last_version + 1); ?>" />
hooks/post-receive
--
phpMyAdmin
More information about the Git
mailing list