Fix XSS on some libraries (CVE-2005-3665).

2005-11-24 08:15:00 +00:00
parent 326eb9dab5
commit 05c719aba3
3 changed files with 12 additions and 0 deletions
--- a/4
+++ b/4
@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
 $Id$
 $Source$

+2005-11-24 Michal Čihař  <michal@cihar.com>
+    * libraries/header_http.inc.php, libraries/header_meta_style.inc.php: Fix
+      XSS on some libraries (CVE-2005-3665).
+
 2005-11-24 Sebastian Mendel <cybot_tm@users.sourceforge.net>
    * themes/original/*, css/phpmyadmin.css.php:
      - updated theme
--- a/libraries/header_http.inc.php
+++ b/libraries/header_http.inc.php
@@ -2,6 +2,10 @@
 /* $Id$ */
 // vim: expandtab sw=4 ts=4 sts=4:

+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
 /**
 * Sends http headers
 */
--- a/libraries/header_meta_style.inc.php
+++ b/libraries/header_meta_style.inc.php
@@ -2,6 +2,10 @@
 /* $Id$ */
 // vim: expandtab sw=4 ts=4 sts=4:

+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
 /**
 * Sends the beginning of the html page then returns to the calling script
 */