Fixed possible code injection incase session variables are compromised

Herman van Rink
2011-06-29 13:02:00 +02:00
parent 6e6e129f26
commit 2e01647949
2 changed files with 2 additions and 1 deletions


@@ -7,6 +7,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
3.3.10.2 (not yet released) 3.3.10.2 (not yet released)
- [security] Fixed possible session corruption in swekey authentication - [security] Fixed possible session corruption in swekey authentication
- [security] Fixed possible code injection incase session variables are compromised
3.3.10.1 (2011-05-20) 3.3.10.1 (2011-05-20)
- [security] XSS on Tracking page - [security] XSS on Tracking page


@@ -286,7 +286,7 @@ class ConfigFile
if ($this->getServerCount() > 0) { if ($this->getServerCount() > 0) {
$ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf; $ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf;
foreach ($c['Servers'] as $id => $server) { foreach ($c['Servers'] as $id => $server) {
$ret .= '/* Server: ' . strtr($this->getServerName($id), '*/', '-') . " [$id] */" . $crlf $ret .= '/* Server: ' . strtr($this->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
. '$i++;' . $crlf; . '$i++;' . $crlf;
foreach ($server as $k => $v) { foreach ($server as $k => $v) {
$k = preg_replace('/[^A-Za-z0-9_]/', '_', $k); $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
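Review bot: The `strtr(..., '*/', '-')` call on the `/* Server: ...` line reads like a substring replacement, but the three-argument form maps single characters and ignores the extra `/` when the two strings differ in length, so it actually turns every `*` into `-`. That is still enough to stop a `*/` in the server name or `$id` from closing the generated comment early, but the intent should be stated next to the call, for example `// strtr maps '*' to '-' (the '/' is ignored), so the value cannot terminate the comment`. If the sequence replacement was what was meant, `str_replace('*/', '-', ...)` says so directly. The `foreach ($server as $k => $v)` body continues past the hunk, so how `$v` is written into the generated file is not visible here and should get the same scrutiny as `$k`.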