[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_7_1-41-gcf5faa1

Marc Delisle lem9 at users.sourceforge.net
Thu Nov 24 18:28:53 CET 2011


The branch, QA_3_4 has been updated
       via  cf5faa1dd1bcae329eddb793765ad2ba3e4471dc (commit)
       via  077c10020e349e8c1beb46309098992fde616913 (commit)
       via  dac8d6ce256333ff45b5f46270304b8657452740 (commit)
       via  bc45a1048d2f5ca8a532f774ddb1dd80985dff3d (commit)
       via  1490533d91e9d3820e78ca4eac7981886eaea2cb (commit)
       via  b289fe082441dc739939b0ba15dae0d9dc6cee92 (commit)
      from  f414a0ec32626c3f0084bd020daba2b4553d244b (commit)


- Log -----------------------------------------------------------------
commit cf5faa1dd1bcae329eddb793765ad2ba3e4471dc
Merge: f414a0e 077c100
Author: Marc Delisle <marc at infomarc.info>
Date:   Thu Nov 24 12:26:31 2011 -0500

    Fix merge conflicts

commit 077c10020e349e8c1beb46309098992fde616913
Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
Date:   Tue Nov 22 21:59:19 2011 +0100

    [security] Self-XSS on invalid query (table overview), see PMASA-2011-18

commit dac8d6ce256333ff45b5f46270304b8657452740
Author: Marc Delisle <marc at infomarc.info>
Date:   Tue Nov 22 12:46:46 2011 -0500

    [security] Self-XSS on column type (table Search), see PMASA-2011-18

commit bc45a1048d2f5ca8a532f774ddb1dd80985dff3d
Author: Rouslan Placella <rouslan at placella.com>
Date:   Tue Nov 22 12:38:22 2011 -0500

    [security] Self-XSS on column type (Create index), see PMASA-2011-18

commit 1490533d91e9d3820e78ca4eac7981886eaea2cb
Author: Marc Delisle <marc at infomarc.info>
Date:   Mon Nov 21 18:08:49 2011 -0500

    [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18

commit b289fe082441dc739939b0ba15dae0d9dc6cee92
Author: Marc Delisle <marc at infomarc.info>
Date:   Mon Nov 21 17:53:10 2011 -0500

    [security] Self-XSS on database names (Synchronize), see PMASA-2011-18

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                            |    5 +++++
 js/db_operations.js                  |    2 +-
 libraries/common.lib.php             |    5 +----
 libraries/server_synchronize.lib.php |    4 ++--
 tbl_indexes.php                      |    4 ++--
 tbl_select.php                       |    4 ++--
 6 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 36a9e0a..7c40e9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,11 @@ phpMyAdmin - ChangeLog
 - [interface] Avoid showing the password in phpinfo()'s output
 - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
 - bug #3407235 [interface] Entering the key through a lookup window does not reset NULL
+- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
+- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
+- [security] Self-XSS on column type (Create index), see PMASA-2011-18
+- [security] Self-XSS on column type (table Search), see PMASA-2011-18
+- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
 
 3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import
diff --git a/js/db_operations.js b/js/db_operations.js
index b053694..ad39635 100644
--- a/js/db_operations.js
+++ b/js/db_operations.js
@@ -32,7 +32,7 @@ $(document).ready(function() {
 
         var $form = $(this);
 
-        var question = 'CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db;
+        var question = escapeHtml('CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db);
 
         PMA_prepareForAjaxRequest($form);
         /**
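Review bot: escapeHtml() now wraps the entire message, static `CREATE DATABASE ... / DROP DATABASE ` text included, but the hunk does not show how `question` is consumed; entity-encoding is only correct if the string is later inserted as HTML markup, whereas a plain `window.confirm()` would display `&lt;` and `&amp;` literally to the user. A one-line comment at the assignment would pin the intent for the next reader, e.g. `// escaped here because question is rendered as HTML by the confirm dialog, not passed to window.confirm()` — adjusted to whatever the actual consumer is. The enclosing ready() handler starts and ends outside the hunk, and escapeHtml is presumably the helper defined elsewhere in the project's JS rather than in this file.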
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index ad38266..caeeee2 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1059,13 +1059,10 @@ function PMA_showMessage($message, $sql_query = null, $type = 'notice', $is_view
         } else {
             // Parse SQL if needed
             $parsed_sql = PMA_SQP_parse($query_base);
-            if (PMA_SQP_isError()) {
-                unset($parsed_sql);
-            }
         }
 
         // Analyze it
-        if (isset($parsed_sql)) {
+        if (isset($parsed_sql) && ! PMA_SQP_isError()) {
             $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
             // Here we append the LIMIT added for navigation, to
             // enable its display. Adding it higher in the code
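Review bot: PMA_SQP_isError() reports parser-wide state rather than a property of `$parsed_sql`, so with the `unset` removed the new condition at the analyze step checks whichever parse ran last; if the branch above `} else {` (outside the hunk) assigns `$parsed_sql` without calling PMA_SQP_parse, a stale error flag would now skip the analysis there too, and conversely `$parsed_sql` stays defined in the error case for any later `isset($parsed_sql)` test in the rest of PMA_showMessage. A comment would stop the next reader from reintroducing the unset: `// $parsed_sql is intentionally kept when parsing fails; only the analysis below is skipped`. PMA_showMessage starts and ends outside the hunk, so I cannot confirm how the error-case `$parsed_sql` is used afterwards.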
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index c1b9159..53ad9d7 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -1335,7 +1335,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
 
     echo '<table id="serverstatusconnections" class="data" width="55%">';
     echo '<tr>';
-    echo '<th>' . __('Source database') . ':  ' . $src_db . '<br />(';
+    echo '<th>' . __('Source database') . ':  ' . htmlspecialchars($src_db) . '<br />(';
     if ('cur' == $_SESSION['src_type']) {
         echo __('Current server');
     } else {
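Review bot: PMA_syncDisplayHeaderSource has no docblock stating that `$src_db` arrives unescaped, which is exactly the contract this fix depends on; the same applies to `$trg_db` in PMA_syncDisplayHeaderTargetAndMatchingTables in the next hunk (the one ending at the `} else {` after `Target database`). Suggest `@param string $src_db raw database name; escaped with htmlspecialchars() at output` above the source function (its signature appears only in the hunk header, so the docblock position is outside this hunk) and the equivalent `@param string $trg_db` line on the target function, whose signature is visible at the start of the second hunk. With the default ENT_COMPAT flags single quotes are left as-is, which is fine for the element-text context used here but would not be if the value were ever placed in a single-quoted attribute.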
@@ -1358,7 +1358,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
 function PMA_syncDisplayHeaderTargetAndMatchingTables($trg_db, $matching_tables) {
     echo '<table id="serverstatusconnections" class="data" width="43%">';
     echo '<tr>';
-    echo '<th>' . __('Target database') . ':  '. $trg_db . '<br />(';
+    echo '<th>' . __('Target database') . ':  '. htmlspecialchars($trg_db) . '<br />(';
     if ('cur' == $_SESSION['trg_type']) {
         echo __('Current server');
     } else {
diff --git a/tbl_indexes.php b/tbl_indexes.php
index 54923a0..ac32387 100644
--- a/tbl_indexes.php
+++ b/tbl_indexes.php
@@ -200,7 +200,7 @@ foreach ($index->getColumns() as $column) {
          || preg_match('/(char|text)/i', $field_type)) {
             echo '<option value="' . htmlspecialchars($field_name) . '"'
                  . (($field_name == $column->getName()) ? ' selected="selected"' : '') . '>'
-                 . htmlspecialchars($field_name) . ' [' . $field_type . ']'
+                 . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
                  . '</option>' . "\n";
         }
     } // end foreach $fields
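Review bot: The option label `htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'` is now built identically in this hunk and in the next one (the `for ($i = 0; $i < $add_fields; $i++)` block), so a third copy of the pattern would be easy to miss if the escaping rules change again. A single local `$label = htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']';` per iteration, or one small function shared by both loops, keeps the escaping in one place. The enclosing foreach over `$index->getColumns()` starts before this hunk.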
@@ -222,7 +222,7 @@ for ($i = 0; $i < $add_fields; $i++) {
     <?php
     foreach ($fields as $field_name => $field_type) {
         echo '<option value="' . htmlspecialchars($field_name) . '">'
-             . htmlspecialchars($field_name) . ' [' . $field_type . ']'
+             . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
              . '</option>' . "\n";
     } // end foreach $fields
     ?>
diff --git a/tbl_select.php b/tbl_select.php
index 2cb0086..8414222 100644
--- a/tbl_select.php
+++ b/tbl_select.php
@@ -124,7 +124,7 @@ if (!isset($param) || $param[0] == '') {
         ?>
         <tr class="noclick <?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
             <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
-            <td><?php echo $fields_type[$i]; ?></td>
+            <td><?php echo htmlspecialchars($fields_type[$i]); ?></td>
             <td><?php echo $fields_collation[$i]; ?></td>
             <td><select name="func[]">
         <?php
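Review bot: The collation cell on the line right after the changed one still echoes `$fields_collation[$i]` unescaped, while the neighbouring name and type cells are now both passed through htmlspecialchars(); collation names come from server metadata and are normally plain identifiers, but the row should be escaped consistently: `<td><?php echo htmlspecialchars($fields_collation[$i]); ?></td>`. The enclosing `if (!isset($param) || $param[0] == '')` block and its loop start outside the hunk.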
@@ -190,7 +190,7 @@ if (!isset($param) || $param[0] == '') {
             <?php
         } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
             // e n u m s
-            $enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
+            $enum_value=explode(', ', str_replace("'", '', substr(htmlspecialchars($fields_type[$i]), 5, -1)));
             $cnt_enum_value = count($enum_value);
             echo '            <select name="fields[' . $i . '][]"'
                 .' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";
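Review bot: Escaping `$fields_type[$i]` before the `substr`/`str_replace`/`explode` chain changes the data held in `$enum_value` rather than its display: an enum member containing `&`, `<` or `>` is stored as `&amp;`, `&lt;`, `&gt;`, so if these entries later become the `<option value="...">` that the search form submits (that code follows outside the hunk), the server receives the entity form instead of the stored value, and any further htmlspecialchars() at output would double-encode. Preferable is to keep parsing on the raw type string — `$enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));` — and apply htmlspecialchars() to each member at the point where it is echoed. The `substr(..., 5, -1)` slice itself still works either way since `(` and `)` are untouched, and the default ENT_COMPAT flags leave `'` alone so the quote stripping also still holds.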





