Fix merge conflicts
This commit is contained in:
Marc Delisle
18
ChangeLog
18
ChangeLog
@@ -19,6 +19,12 @@ phpMyAdmin - ChangeLog
|
||||
- bug #3372807 [interface] Fix security warning link in setup
|
||||
- bug #3374347 [display] Backquotes in normal text on import page
|
||||
|
||||
3.4.3.2 (2011-07-23)
|
||||
- [security] Fixed XSS vulnerability, see PMASA-2011-9
|
||||
- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
|
||||
- [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11
|
||||
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
|
||||
|
||||
3.4.3.1 (2011-07-02)
|
||||
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
|
||||
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
|
||||
@@ -113,7 +119,7 @@ phpMyAdmin - ChangeLog
|
||||
+ patch #2974341 [structure] Clicking on table name in db Structure should
|
||||
Browse the table if possible, thanks to bhdouglass - dougboybhd
|
||||
+ patch #2975533 [search] New search operators, thanks to
|
||||
Martynas MickeviÄius
|
||||
Martynas Mickevičius
|
||||
+ patch #2967320 [designer] Colored relations based on the primary key,
|
||||
thanks to GreenRover - greenrover
|
||||
- [core] Provide way for vendors to easily change paths to config files.
|
||||
@@ -267,7 +273,7 @@ phpMyAdmin - ChangeLog
|
||||
|
||||
3.3.7.0 (2010-09-07)
|
||||
- patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
|
||||
a page size increase, thanks to Martin Schönberger - mad05
|
||||
a page size increase, thanks to Martin Schönberger - mad05
|
||||
|
||||
3.3.6.0 (2010-08-28)
|
||||
- bug #3033063 [core] Navi gets wrong db name
|
||||
@@ -288,7 +294,7 @@ phpMyAdmin - ChangeLog
|
||||
|
||||
3.3.5.0 (2010-07-26)
|
||||
- patch #2932113 [information_schema] Slow export when having lots of
|
||||
databases, thanks to Stéphane Pontier - shadow_walker
|
||||
databases, thanks to Stéphane Pontier - shadow_walker
|
||||
- bug #3022705 [import] Import button does not work in Catalan when there
|
||||
is no progress bar possible
|
||||
- bug [replication] Do not offer information_schema in the list of databases
|
||||
@@ -328,9 +334,9 @@ phpMyAdmin - ChangeLog
|
||||
- patch #2984893 [engines] InnoDB storage page emits a warning,
|
||||
thanks to Madhura Jayaratne - madhuracj
|
||||
- bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work,
|
||||
thanks to Björn Wiberg - bwiberg
|
||||
thanks to Björn Wiberg - bwiberg
|
||||
- bug #2983066 [interface] Flush table on table operations shows the query twice,
|
||||
thanks to Martynas MickeviÄius - BlinK_
|
||||
thanks to Martynas Mickevičius - BlinK_
|
||||
- bug #2983060, patch #2987900 [interface] Fix initial state of tables in
|
||||
designer, thanks to Sutharshan Balachandren.
|
||||
- bug #2983062, patch #2989408 [engines] Fix warnings when changing table
|
||||
@@ -409,7 +415,7 @@ phpMyAdmin - ChangeLog
|
||||
+ rfe #2839504 [engines] Support InnoDB plugin's new row formats
|
||||
+ [core] Added ability for synchronizing databases among servers.
|
||||
+ [lang] #2843101 Dutch update, thanks to scavenger2008
|
||||
+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
|
||||
+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
|
||||
+ [export] Added MediaWiki export module,
|
||||
thanks to Derek Schaefer - drummingds1
|
||||
+ [lang] Turkish update, thanks to Burak Yavuz
|
||||
|
||||
@@ -143,7 +143,9 @@ function Swekey_auth_error()
|
||||
return "Internal Error: CA File $caFile not found";
|
||||
|
||||
$result = null;
|
||||
parse_str($_SERVER['QUERY_STRING']);
|
||||
$swekey_id = $_GET['swekey_id'];
|
||||
$swekey_otp = $_GET['swekey_otp'];
|
||||
|
||||
if (isset($swekey_id)) {
|
||||
unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
|
||||
if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
|
||||
@@ -166,7 +168,7 @@ function Swekey_auth_error()
|
||||
$result = __('No valid authentication key plugged');
|
||||
if ($_SESSION['SWEKEY']['CONF_DEBUG'])
|
||||
{
|
||||
$result .= "<br>".$swekey_id;
|
||||
$result .= "<br>" . htmlspecialchars($swekey_id);
|
||||
}
|
||||
unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
|
||||
}
|
||||
@@ -186,16 +188,16 @@ function Swekey_auth_error()
|
||||
<script>
|
||||
if (key.length != 32)
|
||||
{
|
||||
window.location.search="?swekey_id=" + key;
|
||||
window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
|
||||
}
|
||||
else
|
||||
{
|
||||
var url = "" + window.location;
|
||||
if (url.indexOf("?") > 0)
|
||||
url = url.substr(0, url.indexOf("?"));
|
||||
Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
|
||||
Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
|
||||
var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
|
||||
window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
|
||||
window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
|
||||
}
|
||||
</script>
|
||||
<?php
|
||||
|
||||
@@ -567,10 +567,13 @@ class PMA_User_Schema
|
||||
require_once './libraries/transformations.lib.php';
|
||||
require_once './libraries/Index.class.php';
|
||||
/**
|
||||
* default is PDF
|
||||
* default is PDF, otherwise validate it's only letters a-z
|
||||
*/
|
||||
global $db,$export_type;
|
||||
$export_type = isset($export_type) ? $export_type : 'pdf';
|
||||
if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
|
||||
$export_type = 'pdf';
|
||||
}
|
||||
|
||||
PMA_DBI_select_db($db);
|
||||
|
||||
include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php");
|
||||
|
||||
@@ -37,7 +37,9 @@ include_once("./libraries/schema/Export_Relation_Schema.class.php");
|
||||
* default is PDF
|
||||
*/
|
||||
global $db,$export_type;
|
||||
$export_type = isset($export_type) ? $export_type : 'pdf';
|
||||
if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
|
||||
$export_type = 'pdf';
|
||||
}
|
||||
PMA_DBI_select_db($db);
|
||||
|
||||
$path = PMA_securePath(ucfirst($export_type));
|
||||
|
||||
2
sql.php
2
sql.php
@@ -719,7 +719,7 @@ if (0 == $num_rows || $is_affected) {
|
||||
parse_str($_REQUEST['transform_fields_list'], $edited_values);
|
||||
|
||||
foreach($mime_map as $transformation) {
|
||||
$include_file = $transformation['transformation'];
|
||||
$include_file = PMA_securePath($transformation['transformation']);
|
||||
$column_name = $transformation['column_name'];
|
||||
$column_data = $edited_values[$column_name];
|
||||
|
||||
|
||||
@@ -69,7 +69,7 @@ if ($multi_tables) {
|
||||
$tbl_list .= (empty($tbl_list) ? '' : ', ')
|
||||
. PMA_backquote($table);
|
||||
}
|
||||
echo '<strong>'. __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n";
|
||||
echo '<strong>'. __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
|
||||
echo '<hr />' . "\n";
|
||||
} // end if
|
||||
|
||||
@@ -84,7 +84,7 @@ foreach ($the_tables as $key => $table) {
|
||||
}
|
||||
$counter++;
|
||||
echo '<div' . $breakstyle . '>' . "\n";
|
||||
echo '<h1>' . $table . '</h1>' . "\n";
|
||||
echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
|
||||
|
||||
/**
|
||||
* Gets table informations
|
||||
|
||||
Reference in New Issue
Block a user