nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix merge conflicts

Browse Source
This commit is contained in:
Marc Delisle
2011-07-23 08:16:00 -04:00
parent 06bfdd7ca6 bd63726ee3
commit 3534dda30a
6 changed files with 30 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
ChangeLog
View File

@@ -19,6 +19,12 @@ phpMyAdmin - ChangeLog
- bug #3372807 [interface] Fix security warning link in setup - bug #3372807 [interface] Fix security warning link in setup
- bug #3374347 [display] Backquotes in normal text on import page - bug #3374347 [display] Backquotes in normal text on import page
3.4.3.2 (2011-07-23)
- [security] Fixed XSS vulnerability, see PMASA-2011-9
- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
- [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
3.4.3.1 (2011-07-02) 3.4.3.1 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
@@ -113,7 +119,7 @@ phpMyAdmin - ChangeLog
+ patch #2974341 [structure] Clicking on table name in db Structure should + patch #2974341 [structure] Clicking on table name in db Structure should
Browse the table if possible, thanks to bhdouglass - dougboybhd Browse the table if possible, thanks to bhdouglass - dougboybhd
+ patch #2975533 [search] New search operators, thanks to + patch #2975533 [search] New search operators, thanks to
Martynas Mickevičius Martynas Mickevičius
+ patch #2967320 [designer] Colored relations based on the primary key, + patch #2967320 [designer] Colored relations based on the primary key,
thanks to GreenRover - greenrover thanks to GreenRover - greenrover
- [core] Provide way for vendors to easily change paths to config files. - [core] Provide way for vendors to easily change paths to config files.
@@ -267,7 +273,7 @@ phpMyAdmin - ChangeLog
3.3.7.0 (2010-09-07) 3.3.7.0 (2010-09-07)
- patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
a page size increase, thanks to Martin Schönberger - mad05 a page size increase, thanks to Martin Schönberger - mad05
3.3.6.0 (2010-08-28) 3.3.6.0 (2010-08-28)
- bug #3033063 [core] Navi gets wrong db name - bug #3033063 [core] Navi gets wrong db name
@@ -288,7 +294,7 @@ phpMyAdmin - ChangeLog
3.3.5.0 (2010-07-26) 3.3.5.0 (2010-07-26)
- patch #2932113 [information_schema] Slow export when having lots of - patch #2932113 [information_schema] Slow export when having lots of
databases, thanks to Stéphane Pontier - shadow_walker databases, thanks to Stéphane Pontier - shadow_walker
- bug #3022705 [import] Import button does not work in Catalan when there - bug #3022705 [import] Import button does not work in Catalan when there
is no progress bar possible is no progress bar possible
- bug [replication] Do not offer information_schema in the list of databases - bug [replication] Do not offer information_schema in the list of databases
@@ -328,9 +334,9 @@ phpMyAdmin - ChangeLog
- patch #2984893 [engines] InnoDB storage page emits a warning, - patch #2984893 [engines] InnoDB storage page emits a warning,
thanks to Madhura Jayaratne - madhuracj thanks to Madhura Jayaratne - madhuracj
- bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work, - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work,
thanks to Björn Wiberg - bwiberg thanks to Björn Wiberg - bwiberg
- bug #2983066 [interface] Flush table on table operations shows the query twice, - bug #2983066 [interface] Flush table on table operations shows the query twice,
thanks to Martynas Mickevičius - BlinK_ thanks to Martynas Mickevičius - BlinK_
- bug #2983060, patch #2987900 [interface] Fix initial state of tables in - bug #2983060, patch #2987900 [interface] Fix initial state of tables in
designer, thanks to Sutharshan Balachandren. designer, thanks to Sutharshan Balachandren.
- bug #2983062, patch #2989408 [engines] Fix warnings when changing table - bug #2983062, patch #2989408 [engines] Fix warnings when changing table
@@ -409,7 +415,7 @@ phpMyAdmin - ChangeLog
+ rfe #2839504 [engines] Support InnoDB plugin's new row formats + rfe #2839504 [engines] Support InnoDB plugin's new row formats
+ [core] Added ability for synchronizing databases among servers. + [core] Added ability for synchronizing databases among servers.
+ [lang] #2843101 Dutch update, thanks to scavenger2008 + [lang] #2843101 Dutch update, thanks to scavenger2008
+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo + [lang] Galician update, thanks to Xosé Calvo - xosecalvo
+ [export] Added MediaWiki export module, + [export] Added MediaWiki export module,
thanks to Derek Schaefer - drummingds1 thanks to Derek Schaefer - drummingds1
+ [lang] Turkish update, thanks to Burak Yavuz + [lang] Turkish update, thanks to Burak Yavuz

12
libraries/auth/swekey/swekey.auth.lib.php
View File

@@ -143,7 +143,9 @@ function Swekey_auth_error()
return "Internal Error: CA File $caFile not found"; return "Internal Error: CA File $caFile not found";
$result = null; $result = null;
parse_str($_SERVER['QUERY_STRING']); $swekey_id = $_GET['swekey_id'];
$swekey_otp = $_GET['swekey_otp'];
if (isset($swekey_id)) { if (isset($swekey_id)) {
unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']); unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) { if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
@@ -166,7 +168,7 @@ function Swekey_auth_error()
$result = __('No valid authentication key plugged'); $result = __('No valid authentication key plugged');
if ($_SESSION['SWEKEY']['CONF_DEBUG']) if ($_SESSION['SWEKEY']['CONF_DEBUG'])
{ {
$result .= "<br>".$swekey_id; $result .= "<br>" . htmlspecialchars($swekey_id);
} }
unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
} }
@@ -186,16 +188,16 @@ function Swekey_auth_error()
<script> <script>
if (key.length != 32) if (key.length != 32)
{ {
window.location.search="?swekey_id=" + key; window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
} }
else else
{ {
var url = "" + window.location; var url = "" + window.location;
if (url.indexOf("?") > 0) if (url.indexOf("?") > 0)
url = url.substr(0, url.indexOf("?")); url = url.substr(0, url.indexOf("?"));
Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>"); Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>); var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp; window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
} }
</script> </script>
<?php <?php

7
libraries/schema/User_Schema.class.php
View File

@@ -567,10 +567,13 @@ class PMA_User_Schema
require_once './libraries/transformations.lib.php'; require_once './libraries/transformations.lib.php';
require_once './libraries/Index.class.php'; require_once './libraries/Index.class.php';
/** /**
* default is PDF * default is PDF, otherwise validate it's only letters a-z
*/ */
global $db,$export_type; global $db,$export_type;
$export_type = isset($export_type) ? $export_type : 'pdf'; if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
$export_type = 'pdf';
}
PMA_DBI_select_db($db); PMA_DBI_select_db($db);
include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php"); include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php");

4
schema_export.php
View File

@@ -37,7 +37,9 @@ include_once("./libraries/schema/Export_Relation_Schema.class.php");
* default is PDF * default is PDF
*/ */
global $db,$export_type; global $db,$export_type;
$export_type = isset($export_type) ? $export_type : 'pdf'; if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
$export_type = 'pdf';
}
PMA_DBI_select_db($db); PMA_DBI_select_db($db);
$path = PMA_securePath(ucfirst($export_type)); $path = PMA_securePath(ucfirst($export_type));

2
sql.php
View File

@@ -719,7 +719,7 @@ if (0 == $num_rows || $is_affected) {
parse_str($_REQUEST['transform_fields_list'], $edited_values); parse_str($_REQUEST['transform_fields_list'], $edited_values);
foreach($mime_map as $transformation) { foreach($mime_map as $transformation) {
$include_file = $transformation['transformation']; $include_file = PMA_securePath($transformation['transformation']);
$column_name = $transformation['column_name']; $column_name = $transformation['column_name'];
$column_data = $edited_values[$column_name]; $column_data = $edited_values[$column_name];

4
tbl_printview.php
View File

@@ -69,7 +69,7 @@ if ($multi_tables) {
$tbl_list .= (empty($tbl_list) ? '' : ', ') $tbl_list .= (empty($tbl_list) ? '' : ', ')
. PMA_backquote($table); . PMA_backquote($table);
} }
echo '<strong>'. __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n"; echo '<strong>'. __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
echo '<hr />' . "\n"; echo '<hr />' . "\n";
} // end if } // end if
@@ -84,7 +84,7 @@ foreach ($the_tables as $key => $table) {
} }
$counter++; $counter++;
echo '<div' . $breakstyle . '>' . "\n"; echo '<div' . $breakstyle . '>' . "\n";
echo '<h1>' . $table . '</h1>' . "\n"; echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
/** /**
* Gets table informations * Gets table informations