nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge fixes from trunk (bugs #1672379. #1671813, #1541147)

Browse Source
This commit is contained in:
Sebastian Mendel
2007-03-02 14:13:13 +00:00
parent 81f6ea7f9f
commit 1f7afb504f
3 changed files with 97 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@@ -5,6 +5,12 @@ phpMyAdmin - ChangeLog
$Id$ $Id$
$HeadURL$ $HeadURL$
2007-03-02 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* libraries/common.lib.php: bug #1672379 Call to undefined function PMA_removeCookie()
2007-03-01 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* libraries/common.lib.php: bug #1671813 CVE-2006-1549 deep recursion crash
2007-02-28 Marc Delisle <lem9@users.sourceforge.net> 2007-02-28 Marc Delisle <lem9@users.sourceforge.net>
* libraries/config.default.php: set $cfg['Servers'][$i]['ssl'] default * libraries/config.default.php: set $cfg['Servers'][$i]['ssl'] default
value to false, we got reports from some users having problems with the value to false, we got reports from some users having problems with the
@@ -113,6 +119,9 @@ $HeadURL$
thanks to Ivan Kirillov thanks to Ivan Kirillov
### 2.10.0-beta1 released from QA_2_10 ### 2.10.0-beta1 released from QA_2_10
2007-01-29 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* js/querywindow.js: fixed bug #1541147 - # in database names
2007-01-26 Michal Čihař <michal@cihar.com> 2007-01-26 Michal Čihař <michal@cihar.com>
* libraries/common.lib.php, libraries/js_escape.lib.php, * libraries/common.lib.php, libraries/js_escape.lib.php,
test/escape_js_string.php, test/core.lib.php: Move java script escaping test/escape_js_string.php, test/core.lib.php: Move java script escaping

158
libraries/common.lib.php
View File

@@ -271,6 +271,10 @@ function PMA_array_merge_recursive()
*/ */
function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
{ {
static $recursive_counter = 0;
if (++$recursive_counter > 1000) {
die('possible deep recursion attack');
}
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if (is_array($value)) { if (is_array($value)) {
PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also); PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
@@ -286,6 +290,7 @@ function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
} }
} }
} }
$recursive_counter++;
} }
/** /**
@@ -345,6 +350,77 @@ function PMA_getenv($var_name) {
return ''; return '';
} }
/**
* removes cookie
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @return boolean result of setcookie()
*/
function PMA_removeCookie($cookie)
{
return setcookie($cookie, '', time() - 3600,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps());
}
/**
* sets cookie if value is different from current cokkie value,
* or removes if value is equal to default
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses $_COOKIE
* @uses PMA_removeCookie()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @param mixed $value new cookie value
* @param string $default default value
* @param int $validity validity of cookie in seconds (default is one month)
* @param bool $httponlt whether cookie is only for HTTP (and not for scripts)
* @return boolean result of setcookie()
*/
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
if ($validity == null) {
$validity = 2592000;
}
if (strlen($value) && null !== $default && $value === $default
&& isset($_COOKIE[$cookie])) {
// remove cookie, default value is used
return PMA_removeCookie($cookie);
}
if (! strlen($value) && isset($_COOKIE[$cookie])) {
// remove cookie, value is empty
return PMA_removeCookie($cookie);
}
if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
// set cookie with new value
/* Calculate cookie validity */
if ($validity == 0) {
$v = 0;
} else {
$v = time() + $validity;
}
/* Use native support for httponly cookies if available */
if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly);
} else {
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''), '', PMA_Config::isHttps());
}
}
// cookie has already $value as value
return true;
}
/** /**
* include here only libraries which contain only function definitions * include here only libraries which contain only function definitions
* no code im main()! * no code im main()!
@@ -2338,77 +2414,6 @@ if (typeof(window.parent) != 'undefined'
.htmlspecialchars($database) . '</a>'; .htmlspecialchars($database) . '</a>';
} }
/**
* removes cookie
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @return boolean result of setcookie()
*/
function PMA_removeCookie($cookie)
{
return setcookie($cookie, '', time() - 3600,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps());
}
/**
* sets cookie if value is different from current cokkie value,
* or removes if value is equal to default
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses $_COOKIE
* @uses PMA_removeCookie()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @param mixed $value new cookie value
* @param string $default default value
* @param int $validity validity of cookie in seconds (default is one month)
* @param bool $httponlt whether cookie is only for HTTP (and not for scripts)
* @return boolean result of setcookie()
*/
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
if ($validity == null) {
$validity = 2592000;
}
if (strlen($value) && null !== $default && $value === $default
&& isset($_COOKIE[$cookie])) {
// remove cookie, default value is used
return PMA_removeCookie($cookie);
}
if (! strlen($value) && isset($_COOKIE[$cookie])) {
// remove cookie, value is empty
return PMA_removeCookie($cookie);
}
if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
// set cookie with new value
/* Calculate cookie validity */
if ($validity == 0) {
$v = 0;
} else {
$v = time() + $validity;
}
/* Use native support for httponly cookies if available */
if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly);
} else {
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''), '', PMA_Config::isHttps());
}
}
// cookie has already $value as value
return true;
}
/** /**
* Displays a lightbulb hint explaining a known external bug * Displays a lightbulb hint explaining a known external bug
* that affects a functionality * that affects a functionality
@@ -2451,6 +2456,17 @@ if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])
die('GLOBALS overwrite attempt'); die('GLOBALS overwrite attempt');
} }
/**
* protect against deep recursion attack CVE-2006-1549,
* 1000 seems to be more than enough
*
* @see http://www.php-security.org/MOPB/MOPB-02-2007.html
* @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
*/
if (count($GLOBALS) > 1000) {
die('possible deep recurse attack');
}
/** /**
* Check for numeric keys * Check for numeric keys
* (if register_globals is on, numeric key can be found in $GLOBALS) * (if register_globals is on, numeric key can be found in $GLOBALS)

2
pmd/scripts/move.js
View File

@@ -177,7 +177,7 @@ function Main()
Small_tab_refresh(); Small_tab_refresh();
Re_load(); Re_load();
id_hint = document.getElementById('hint'); id_hint = document.getElementById('hint');
if (ieIE) { if (isIE) {
General_scroll(); General_scroll();
} }
} }