[XSS] clean $_SERVER variables

This commit is contained in:
Sebastian Mendel
2005-10-27 17:03:36 +00:00
parent 6c7933cd52
commit 2d6e0f00d8
3 changed files with 16 additions and 10 deletions


@@ -27,6 +27,7 @@ $Source$
- bug #1274032 Field privileges with database names containing underscores - bug #1274032 Field privileges with database names containing underscores
- use DROP USER - use DROP USER
- use db_name LIKE REPLACE( mysql.db.Db, \_, _ ) - use db_name LIKE REPLACE( mysql.db.Db, \_, _ )
* libraries/grab_globals.lib.php: [XSS] clean $_SERVER variables
2005-10-26 Marc Delisle <lem9@users.sourceforge.net> 2005-10-26 Marc Delisle <lem9@users.sourceforge.net>
* lang/french* updates * lang/french* updates


@@ -91,14 +91,19 @@ if (!empty($_FILES)) {
if (!empty($_SERVER)) { if (!empty($_SERVER)) {
$server_vars = array('PHP_SELF', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_AUTHORIZATION'); $server_vars = array('PHP_SELF', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_AUTHORIZATION');
foreach ($server_vars as $current) { foreach ( $server_vars as $current ) {
if (isset($_SERVER[$current])) { // its not important HOW we detect html tags
// its more important to prevent XSS
// so its not important if we result in an invalid string,
// its even better than a XSS capable string
if ( isset( $_SERVER[$current] ) && false === strpos( $_SERVER[$current], '<' ) ) {
$$current = $_SERVER[$current]; $$current = $_SERVER[$current];
} elseif (!isset($$current)) { // already importet by register_globals?
} elseif ( ! isset( $$current ) || false !== strpos( $$current, '<' ) ) {
$$current = ''; $$current = '';
} }
} }
unset($server_vars, $current); unset( $server_vars, $current );
} // end if } // end if
// Security fix: disallow accessing serious server files via "?goto=" // Security fix: disallow accessing serious server files via "?goto="
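Review bot: The new condition on the `if` line rejects only `<`, yet the imported `$PHP_SELF` is then concatenated unescaped into double-quoted `href="..."` attributes in server_status.php (the `$_SERVER['PHP_SELF']` → `$PHP_SELF` hunks of this same commit), where a `"` or `&` in the value passes this check untouched. A single-character blacklist at import time is not a substitute for context-aware escaping at the point of output; keep the import as written but wrap each emission, e.g. `echo '<a href="' . htmlspecialchars($PHP_SELF, ENT_QUOTES) . '?' .` in the sections loop and the equivalent inside the `<a href="<?php echo ... ?>"` templates. Separately, when `$_SERVER[$current]` fails the `<` test while `$$current` was already populated (the register_globals case the comment mentions) with a value free of `<`, the `elseif` keeps that pre-existing value rather than blanking it, so the filter is bypassed for whatever register_globals imported; if that is not intended, the `elseif` should assign `''` unconditionally. The comment block above the `if` could be tightened to one line, e.g. `// reject any value containing '<' instead of parsing HTML; an empty string is safer than a tag-capable one`.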


@@ -257,7 +257,7 @@ $sections = array(
$links = array(); $links = array();
$links['table'][$strFlushTables] $links['table'][$strFlushTables]
= $_SERVER['PHP_SELF'] . '?flush=TABLES&amp;' . PMA_generate_common_url(); = $PHP_SELF . '?flush=TABLES&amp;' . PMA_generate_common_url();
$links['table'][$strShowOpenTables] $links['table'][$strShowOpenTables]
= 'sql.php?sql_query=' . urlencode('SHOW OPEN TABLES') . = 'sql.php?sql_query=' . urlencode('SHOW OPEN TABLES') .
'&amp;goto=server_status.php&amp;' . PMA_generate_common_url(); '&amp;goto=server_status.php&amp;' . PMA_generate_common_url();
@@ -272,7 +272,7 @@ $links['repl']['MySQL - ' . $strDocu]
= $cfg['MySQLManualBase'] . '/replication.html'; = $cfg['MySQLManualBase'] . '/replication.html';
$links['qcache'][$strFlushQueryCache] $links['qcache'][$strFlushQueryCache]
= $_SERVER['PHP_SELF'] . '?flush=QUERY CACHE&amp;' . = $PHP_SELF . '?flush=QUERY CACHE&amp;' .
PMA_generate_common_url(); PMA_generate_common_url();
$links['qcache']['MySQL - ' . $strDocu] $links['qcache']['MySQL - ' . $strDocu]
= $cfg['MySQLManualBase'] . '/query-cache.html'; = $cfg['MySQLManualBase'] . '/query-cache.html';
@@ -331,10 +331,10 @@ $hour_factor = 3600 / $server_status['Uptime'];
?> ?>
<div id="statuslinks"> <div id="statuslinks">
<a href="<?php echo <a href="<?php echo
$_SERVER['PHP_SELF'] . '?' . PMA_generate_common_url(); ?>" $PHP_SELF . '?' . PMA_generate_common_url(); ?>"
><?php echo $strRefresh; ?></a> ><?php echo $strRefresh; ?></a>
<a href="<?php echo <a href="<?php echo
$_SERVER['PHP_SELF'] . '?flush=STATUS&amp;' . PMA_generate_common_url(); ?>" $PHP_SELF . '?flush=STATUS&amp;' . PMA_generate_common_url(); ?>"
><?php echo $strShowStatusReset; ?></a> ><?php echo $strShowStatusReset; ?></a>
<a href="<?php echo <a href="<?php echo
$cfg['MySQLManualBase']; ?>/server-status-variables.html" $cfg['MySQLManualBase']; ?>/server-status-variables.html"
@@ -353,7 +353,7 @@ echo sprintf( $strServerStatusUptime,
<?php <?php
foreach ( $sections as $section_name => $section ) { foreach ( $sections as $section_name => $section ) {
if ( ! empty( $section['vars'] ) && ! empty( $section['title'] ) ) { if ( ! empty( $section['vars'] ) && ! empty( $section['title'] ) ) {
echo '<a href="' . $_SERVER['PHP_SELF'] . '?' . echo '<a href="' . $PHP_SELF . '?' .
PMA_generate_common_url() . '#' . $section_name . '">' . PMA_generate_common_url() . '#' . $section_name . '">' .
$section['title'] . '</a>' . "\n"; $section['title'] . '</a>' . "\n";
} }
@@ -581,7 +581,7 @@ foreach ( $sections as $section_name => $section ) {
<table class="data" id="serverstatussection<?php echo $section_name; ?>"> <table class="data" id="serverstatussection<?php echo $section_name; ?>">
<caption class="tblHeaders"> <caption class="tblHeaders">
<a class="top" <a class="top"
href="<?php echo $_SERVER['PHP_SELF'] . '?' . href="<?php echo $PHP_SELF . '?' .
PMA_generate_common_url() . '#_top'; ?>" PMA_generate_common_url() . '#_top'; ?>"
name="<?php echo $section_name; ?>"><?php echo $strPos1; ?> name="<?php echo $section_name; ?>"><?php echo $strPos1; ?>
<?php echo <?php echo