nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1807923 [login] Login with html entities in password fails

Browse Source
This commit is contained in:
Sebastian Mendel
2007-10-05 09:46:30 +00:00
parent e2d2946a06
commit 113b4fbcf7
2 changed files with 8 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -16,6 +16,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1805773 [relations] browse foreign values: return values not escaped, - bug #1805773 [relations] browse foreign values: return values not escaped,
thanks to Alex Rambau thanks to Alex Rambau
- bug #1798786 [import] Wrong error message when a string contains semicolon - bug #1798786 [import] Wrong error message when a string contains semicolon
- bug #1807923 [login] Login with html entities in password fails
2.11.1.0 (2007-09-20) 2.11.1.0 (2007-09-20)

21
libraries/cleanup.lib.php
View File

@@ -14,36 +14,29 @@
* @access public * @access public
* @author Michal Cihar (michal@cihar.com) * @author Michal Cihar (michal@cihar.com)
*/ */
function PMA_remove_request_vars(&$whitelist) { function PMA_remove_request_vars(&$whitelist)
{
// do not check only $_REQUEST because it could have been overwritten // do not check only $_REQUEST because it could have been overwritten
// and use type casting because the variables could have become // and use type casting because the variables could have become
// strings // strings
$keys = array_keys(array_merge((array)$_REQUEST, (array)$_GET, (array)$_POST, (array)$_COOKIE)); $keys = array_keys(array_merge((array)$_REQUEST, (array)$_GET, (array)$_POST, (array)$_COOKIE));
foreach($keys as $key) { foreach($keys as $key) {
if (!in_array($key, $whitelist)) { if (! in_array($key, $whitelist)) {
unset($_REQUEST[$key], $_GET[$key], $_POST[$key], $GLOBALS[$key]); unset($_REQUEST[$key], $_GET[$key], $_POST[$key], $GLOBALS[$key]);
} else { } else {
// allowed stuff could be compromised so escape it // allowed stuff could be compromised so escape it
// we require it to be a string // we require it to be a string
if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) { if (isset($_REQUEST[$key]) && ! is_string($_REQUEST[$key])) {
$_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
} else {
unset($_REQUEST[$key]); unset($_REQUEST[$key]);
} }
if (isset($_POST[$key]) && is_string($_POST[$key])) { if (isset($_POST[$key]) && ! is_string($_POST[$key])) {
$_POST[$key] = htmlspecialchars($_POST[$key], ENT_QUOTES);
} else {
unset($_POST[$key]); unset($_POST[$key]);
} }
if (isset($_COOKIE[$key]) && is_string($_COOKIE[$key])) { if (isset($_COOKIE[$key]) && ! is_string($_COOKIE[$key])) {
$_COOKIE[$key] = htmlspecialchars($_COOKIE[$key], ENT_QUOTES);
} else {
unset($_COOKIE[$key]); unset($_COOKIE[$key]);
} }
if (isset($_GET[$key]) && is_string($_GET[$key])) { if (isset($_GET[$key]) && ! is_string($_GET[$key])) {
$_GET[$key] = htmlspecialchars($_GET[$key], ENT_QUOTES);
} else {
unset($_GET[$key]); unset($_GET[$key]);
} }
} }