[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_1RC1-1800-g15e0b38
Marc Delisle
lem9 at users.sourceforge.net
Fri May 20 18:57:58 CEST 2011
The branch, master has been updated
via 15e0b38073a02c38a67459ceb3bbab4f3b935b03 (commit)
via 20cf17923e321718aa6d19fb9dc846625c1879fb (commit)
via 89c8f3cbfe5356995ad71e5a41438e81fa994a55 (commit)
via a4c168a3a35bbdbf058a2e6fd1d2673c52821279 (commit)
via 8fd8e3efd86b119ca5be7aaa9e047c92bfd06c23 (commit)
via 7e10c132a3887c8ebfd7a8eee356b28375f1e287 (commit)
via d3ccf798fdbd4f8a89d4088130637d8dee918492 (commit)
from fc59c64fbd94a408f0500576d97ba7d29a254d00 (commit)
- Log -----------------------------------------------------------------
commit 15e0b38073a02c38a67459ceb3bbab4f3b935b03
Merge: a4c168a3a35bbdbf058a2e6fd1d2673c52821279 20cf17923e321718aa6d19fb9dc846625c1879fb
Author: Marc Delisle <marc at infomarc.info>
Date: Fri May 20 12:55:55 2011 -0400
Merge branch 'QA_3_4'
commit a4c168a3a35bbdbf058a2e6fd1d2673c52821279
Merge: fc59c64fbd94a408f0500576d97ba7d29a254d00 8fd8e3efd86b119ca5be7aaa9e047c92bfd06c23
Author: Marc Delisle <marc at infomarc.info>
Date: Fri May 20 12:51:47 2011 -0400
Merge branch 'QA_3_4'
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 4 ++++
libraries/tbl_links.inc.php | 2 +-
tbl_tracking.php | 12 ++++++------
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7f90d9a..09d7c13 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@
- bug #3285929 [privileges] Revert temporary fix
- bug #3302872 [synchronize] Synchronize and user name
- bug #3302733 [core] Some browsers report an insecure https connection
+- [security] Make redirector require valid token
3.4.0.0 (2011-05-11)
+ rfe #2890226 [view] Enable VIEW rename
@@ -179,6 +180,9 @@
3.3.11.0 (not yet released)
+3.3.10.1 (2011-05-20)
+- [security] XSS on Tracking page
+
3.3.10.0 (2011-03-19)
- patch #3147400 [structure] Aria table size printed as unknown,
thanks to erickoh75 - erickoh75
diff --git a/libraries/tbl_links.inc.php b/libraries/tbl_links.inc.php
index bc72d21..e31dd53 100644
--- a/libraries/tbl_links.inc.php
+++ b/libraries/tbl_links.inc.php
@@ -112,7 +112,7 @@ unset($tabs);
if(PMA_Tracker::isActive() and PMA_Tracker::isTracked($GLOBALS["db"], $GLOBALS["table"]))
{
- $msg = PMA_Message::notice('<a href="tbl_tracking.php?'.$url_query.'">'.sprintf(__('Tracking of %s.%s is activated.'), $GLOBALS["db"], $GLOBALS["table"]).'</a>');
+ $msg = PMA_Message::notice('<a href="tbl_tracking.php?'.$url_query.'">'.sprintf(__('Tracking of %s.%s is activated.'), htmlspecialchars($GLOBALS["db"]), htmlspecialchars($GLOBALS["table"])).'</a>');
$msg->display();
}
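Review bot: The reason for the escaping is not stated at this call site. The string handed to `PMA_Message::notice()` is hand-built HTML (it wraps the text in an `<a>` element), so the caller has to escape every value it interpolates. A one-line comment above the assignment, for example `// message is raw HTML: escape every interpolated value`, would keep a later edit from adding an unescaped argument. `$url_query` also lands in the `href` attribute; it is built outside this hunk, so confirm that it is already HTML-escaped where it is generated.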
diff --git a/tbl_tracking.php b/tbl_tracking.php
index 0534851..a708f0a 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -179,7 +179,7 @@ if (isset($_REQUEST['submit_create_version'])) {
$tracking_set = rtrim($tracking_set, ',');
if (PMA_Tracker::createVersion($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'], $tracking_set )) {
- $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), $_REQUEST['version'], $GLOBALS['db'], $GLOBALS['table']));
+ $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), $_REQUEST['version'], htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])));
$msg->display();
}
}
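Review bot: `$_REQUEST['version']` is still passed to `sprintf()` unescaped on the new line, while the `db` and `table` arguments beside it are now wrapped in `htmlspecialchars()`. If the message is rendered as HTML, which the escaping added here implies, the request value would reach the page as markup whenever `PMA_Tracker::createVersion()` succeeds. Wrapping it the same way, `htmlspecialchars($_REQUEST['version'])`, closes the gap. The same argument is left unescaped in the two following hunks (`@@ -187,7` deactivate and `@@ -195,7` activate). The enclosing `if (isset($_REQUEST['submit_create_version']))` block starts above this hunk.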
@@ -187,7 +187,7 @@ if (isset($_REQUEST['submit_create_version'])) {
// Deactivate tracking
if (isset($_REQUEST['submit_deactivate_now'])) {
if (PMA_Tracker::deactivateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) {
- $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), $GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version']));
+ $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), $_REQUEST['version']));
$msg->display();
}
}
@@ -195,7 +195,7 @@ if (isset($_REQUEST['submit_deactivate_now'])) {
// Activate tracking
if (isset($_REQUEST['submit_activate_now'])) {
if (PMA_Tracker::activateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) {
- $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), $GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version']));
+ $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), $_REQUEST['version']));
$msg->display();
}
}
@@ -689,7 +689,7 @@ if ($last_version > 0) {
<div id="div_deactivate_tracking">
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<fieldset>
- <legend><?php printf(__('Deactivate tracking for %s.%s'), $GLOBALS['db'], $GLOBALS['table']); ?></legend>
+ <legend><?php printf(__('Deactivate tracking for %s.%s'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo $last_version; ?>" />
<input type="submit" name="submit_deactivate_now" value="<?php echo __('Deactivate now'); ?>" />
</fieldset>
@@ -702,7 +702,7 @@ if ($last_version > 0) {
<div id="div_activate_tracking">
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<fieldset>
- <legend><?php printf(__('Activate tracking for %s.%s'), $GLOBALS['db'], $GLOBALS['table']); ?></legend>
+ <legend><?php printf(__('Activate tracking for %s.%s'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo $last_version; ?>" />
<input type="submit" name="submit_activate_now" value="<?php echo __('Activate now'); ?>" />
</fieldset>
@@ -717,7 +717,7 @@ if ($last_version > 0) {
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<?php echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']); ?>
<fieldset>
- <legend><?php printf(__('Create version %s of %s.%s'), ($last_version + 1), $GLOBALS['db'], $GLOBALS['table']); ?></legend>
+ <legend><?php printf(__('Create version %s of %s.%s'), ($last_version + 1), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo ($last_version + 1); ?>" />
hooks/post-receive
--
phpMyAdmin