From 3f95ef5c20691037ec7c6dac06df3a8ded53523e Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Thu, 25 Nov 2010 11:50:50 +0100 Subject: [PATCH 01/11] bug #3115519: fixed XSS on search --- libraries/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/common.lib.php b/libraries/common.lib.php index ec5100f45..4b194deb3 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -1769,7 +1769,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(), $tmp = $tag_params; $tag_params = array(); if (!empty($tmp)) { - $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')'; + $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')'; } unset($tmp); } From 3f12de1746a25fe8f34d5892c21ae899356483be Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 26 Nov 2010 09:03:22 -0500 Subject: [PATCH 02/11] ChangeLog for XSS fix --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c6bff7591..994b4faf2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -130,6 +130,9 @@ - patch #3117535 [replication] Add quotes to database in initial statement, thanks to Craig Duncan - duncan3dc +3.3.8.1 (2010-10-26) +- bug #3115519 (private) [security] XSS on db search + 3.3.8.0 (2010-10-25) - bug #3059311 [import] BIGINT field type added to table analysis - [core] Update library PHPExcel to version 1.7.4 @@ -143,9 +146,6 @@ 3.3.7.0 (2010-09-07) - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after a page size increase, thanks to Martin Schönberger - mad05 -- bug #3054458 [core] Fixed displaying number of rows. -- bug #3035300 [parser] Fixed wrong definition of keywords. -- [setup] Fixed escaping of server name. 3.3.6.0 (2010-08-28) - bug #3033063 [core] Navi gets wrong db name From 36d5c50947c811064303976723604d6eae9e8b94 Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:53:54 +0200 Subject: [PATCH 03/11] Translation update done using Pootle. --- po/el.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index 07fd764e5..7f4124d80 100644 --- a/po/el.po +++ b/po/el.po @@ -5555,10 +5555,9 @@ msgstr "" "τους δίδεται ο επόμενος αύξων αριθμός." #: libraries/export/csv.php:21 libraries/import/csv.php:27 -#, fuzzy #| msgid "Lines terminated by" msgid "Columns separated with:" -msgstr "Γραμμές που τελειώνουν σε" +msgstr "Γραμμές που χωρίζονται με" #: libraries/export/csv.php:22 libraries/import/csv.php:28 #, fuzzy From 8e515b1686587dd4ccc1a03a0c74abeea572ee14 Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:54:14 +0200 Subject: [PATCH 04/11] Translation update done using Pootle. --- po/el.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index 7f4124d80..c181dc7af 100644 --- a/po/el.po +++ b/po/el.po @@ -4,7 +4,7 @@ msgstr "" "Project-Id-Version: phpMyAdmin 3.4.0-dev\n" "Report-Msgid-Bugs-To: phpmyadmin-devel@lists.sourceforge.net\n" "POT-Creation-Date: 2010-11-20 07:34-0500\n" -"PO-Revision-Date: 2010-11-26 15:53+0200\n" +"PO-Revision-Date: 2010-11-26 15:54+0200\n" "Last-Translator: Panagiotis Papazoglou \n" "Language-Team: greek \n" "Language: el\n" @@ -5557,7 +5557,7 @@ msgstr "" #: libraries/export/csv.php:21 libraries/import/csv.php:27 #| msgid "Lines terminated by" msgid "Columns separated with:" -msgstr "Γραμμές που χωρίζονται με" +msgstr "Στήλες που χωρίζονται με" #: libraries/export/csv.php:22 libraries/import/csv.php:28 #, fuzzy From c490c396043f83431e9250287f7b3ecfee580ff8 Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:54:32 +0200 Subject: [PATCH 05/11] Translation update done using Pootle. --- po/el.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index c181dc7af..f915335b2 100644 --- a/po/el.po +++ b/po/el.po @@ -5560,10 +5560,9 @@ msgid "Columns separated with:" msgstr "Στήλες που χωρίζονται με" #: libraries/export/csv.php:22 libraries/import/csv.php:28 -#, fuzzy #| msgid "Fields enclosed by" msgid "Columns enclosed with:" -msgstr "Πεδία που περικλείονται σε" +msgstr "Στήλες που περικλείονται με" #: libraries/export/csv.php:23 libraries/import/csv.php:29 #| msgid "Fields escaped by" From e13e48bd858c413d495ec626741161ee4b6ede9c Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:54:52 +0200 Subject: [PATCH 06/11] Translation update done using Pootle. --- po/el.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index f915335b2..fc0990a4e 100644 --- a/po/el.po +++ b/po/el.po @@ -5570,10 +5570,9 @@ msgid "Columns escaped with:" msgstr "Τα πεδία χρησιμοποιούν το χαρακτήρα διαφυγής: " #: libraries/export/csv.php:24 libraries/import/csv.php:30 -#, fuzzy #| msgid "Lines terminated by" msgid "Lines terminated with:" -msgstr "Γραμμές που τελειώνουν σε" +msgstr "Γραμμές που τελειώνουν με" #: libraries/export/csv.php:25 libraries/export/excel.php:22 #: libraries/export/htmlword.php:28 libraries/export/latex.php:79 From 7b5bfe2478c4e4627e3bd392cb03b07de57945ac Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:55:01 +0200 Subject: [PATCH 07/11] Translation update done using Pootle. --- po/el.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index fc0990a4e..c4f290bc4 100644 --- a/po/el.po +++ b/po/el.po @@ -4,7 +4,7 @@ msgstr "" "Project-Id-Version: phpMyAdmin 3.4.0-dev\n" "Report-Msgid-Bugs-To: phpmyadmin-devel@lists.sourceforge.net\n" "POT-Creation-Date: 2010-11-20 07:34-0500\n" -"PO-Revision-Date: 2010-11-26 15:54+0200\n" +"PO-Revision-Date: 2010-11-26 15:55+0200\n" "Last-Translator: Panagiotis Papazoglou \n" "Language-Team: greek \n" "Language: el\n" @@ -5578,7 +5578,6 @@ msgstr "Γραμμές που τελειώνουν με" #: libraries/export/htmlword.php:28 libraries/export/latex.php:79 #: libraries/export/ods.php:23 libraries/export/odt.php:59 #: libraries/export/xls.php:23 libraries/export/xlsx.php:23 -#, fuzzy #| msgid "Replace NULL by" msgid "Replace NULL with:" msgstr "Αντικατάσταση τιμής NULL με" From 17ee6f349c33bb2d096d48c1b9bda4f3d47133c0 Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:55:24 +0200 Subject: [PATCH 08/11] Translation update done using Pootle. --- po/el.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index c4f290bc4..3aee8bb1a 100644 --- a/po/el.po +++ b/po/el.po @@ -5583,10 +5583,9 @@ msgid "Replace NULL with:" msgstr "Αντικατάσταση τιμής NULL με" #: libraries/export/csv.php:26 libraries/export/excel.php:23 -#, fuzzy #| msgid "Remove CRLF characters within fields" msgid "Remove carriage return/line feed characters within columns" -msgstr "Απομάκρυνση χαρακτήρων CRLF μέσα στα πεδία" +msgstr "Απομάκρυνση χαρακτήρων CRLF μέσα στις στήλες" #: libraries/export/excel.php:32 #, fuzzy From 349180ef97641bcf84cfd140b4e3100ad5830942 Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:55:31 +0200 Subject: [PATCH 09/11] Translation update done using Pootle. --- po/el.po | 1 - 1 file changed, 1 deletion(-) diff --git a/po/el.po b/po/el.po index 3aee8bb1a..c808fff62 100644 --- a/po/el.po +++ b/po/el.po @@ -5588,7 +5588,6 @@ msgid "Remove carriage return/line feed characters within columns" msgstr "Απομάκρυνση χαρακτήρων CRLF μέσα στις στήλες" #: libraries/export/excel.php:32 -#, fuzzy #| msgid "Excel edition" msgid "Excel edition:" msgstr "Έκδοση Excel" From de139609e8fc30aafe15833716e2398d1ef3907d Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:56:17 +0200 Subject: [PATCH 10/11] Translation update done using Pootle. --- po/el.po | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/po/el.po b/po/el.po index c808fff62..20e93ca21 100644 --- a/po/el.po +++ b/po/el.po @@ -4,7 +4,7 @@ msgstr "" "Project-Id-Version: phpMyAdmin 3.4.0-dev\n" "Report-Msgid-Bugs-To: phpmyadmin-devel@lists.sourceforge.net\n" "POT-Creation-Date: 2010-11-20 07:34-0500\n" -"PO-Revision-Date: 2010-11-26 15:55+0200\n" +"PO-Revision-Date: 2010-11-26 15:56+0200\n" "Last-Translator: Panagiotis Papazoglou \n" "Language-Team: greek \n" "Language: el\n" @@ -5595,10 +5595,9 @@ msgstr "Έκδοση Excel" #: libraries/export/htmlword.php:27 libraries/export/latex.php:69 #: libraries/export/odt.php:55 libraries/export/sql.php:132 #: libraries/export/texytext.php:25 libraries/export/xml.php:45 -#, fuzzy #| msgid "Databases display options" msgid "Data dump options" -msgstr "Επιλογές προβολής βάσεων δεδομένων" +msgstr "Επιλογές απορριμμάτων δεδομένων" #: libraries/export/htmlword.php:135 libraries/export/odt.php:175 #: libraries/export/sql.php:946 libraries/export/texytext.php:123 From 1aff32ac2c5a1f91ce6656970136d34966ca0e4c Mon Sep 17 00:00:00 2001 From: Panagiotis Papazoglou Date: Fri, 26 Nov 2010 15:56:31 +0200 Subject: [PATCH 11/11] Translation update done using Pootle. --- po/el.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/el.po b/po/el.po index 20e93ca21..ec1127573 100644 --- a/po/el.po +++ b/po/el.po @@ -5610,10 +5610,9 @@ msgid "Table structure for table" msgstr "Δομή Πίνακα για τον Πίνακα" #: libraries/export/latex.php:13 -#, fuzzy #| msgid "Content of table __TABLE__" msgid "Content of table @TABLE@" -msgstr "Περιεχόμενο του πίνακα __TABLE__" +msgstr "Περιεχόμενο του πίνακα @TABLE@" #: libraries/export/latex.php:14 msgid "(continued)"