undefined index

2006-11-18 11:49:48 +00:00
parent 3f8663ead7
commit 3c5b5d693a
4 changed files with 11 additions and 8 deletions
--- a/3
+++ b/3
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL$
 2006-11-18 Marc Delisle  <lem9@users.sourceforge.net>
    * index.php, libraries/common.lib.php, /cleanup.lib.php: undefined index
 2006-11-17 Michal Čihař  <michal@cihar.com>
    * sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid
      XSS.
--- a/index.php
+++ b/index.php
@@ -88,7 +88,7 @@ if (! isset($GLOBALS['db']) || ! strlen($GLOBALS['db'])) {
 $url_query = PMA_generate_common_url($_GET);
-if (is_string($GLOBALS['target']) && !empty($GLOBALS['target']) && in_array($GLOBALS['target'], $goto_whitelist)) {
+if (isset($GLOBALS['target']) && is_string($GLOBALS['target']) && !empty($GLOBALS['target']) && in_array($GLOBALS['target'], $goto_whitelist)) {
    $main_target = $GLOBALS['target'];
 }
--- a/libraries/cleanup.lib.php
+++ b/libraries/cleanup.lib.php
@@ -26,22 +26,22 @@ function PMA_remove_request_vars(&$whitelist) {
        } else {
            // allowed stuff could be compromised so escape it
            // we require it to be a string
-            if (is_string($_REQUEST[$key])) {
+            if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
                $_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
            } else {
                unset($_REQUEST[$key]);
            }
-            if (is_string($_POST[$key])) {
+            if (isset($_POST[$key]) && is_string($_POST[$key])) {
                $_POST[$key] = htmlspecialchars($_POST[$key], ENT_QUOTES);
            } else {
                unset($_POST[$key]);
            }
-            if (is_string($_COOKIE[$key])) {
+            if (isset($_COOKIE[$key]) && is_string($_COOKIE[$key])) {
                $_COOKIE[$key] = htmlspecialchars($_COOKIE[$key], ENT_QUOTES);
            } else {
                unset($_COOKIE[$key]);
            }
-            if (is_string($_GET[$key])) {
+            if (isset($_GET[$key]) && is_string($_GET[$key])) {
                $_GET[$key] = htmlspecialchars($_GET[$key], ENT_QUOTES);
            } else {
                unset($_GET[$key]);
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1122,7 +1122,7 @@ if (!defined('PMA_MINIMUM_COMMON')) {
     * @param   string   $a_string          the string to format
     * @param   boolean  $add_backquotes    whether to add backquotes to the string or not
     *
-     * @return  string   the formated string
+     * @return  string   the formatted string
     *
     * @access  public
     */
@@ -2697,7 +2697,7 @@ if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
 * @todo variables should be handled by their respective owners (objects)
 * f.e. lang, server, convcharset, collation_connection in PMA_Config
 */
-if (!is_string($_REQUEST['token']) || empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
+if ((isset($_REQUEST['token']) && !is_string($_REQUEST['token'])) || empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
    /**
     *  List of parameters which are allowed from unsafe source
     */
@@ -3003,7 +3003,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
     * present a choice of servers in the case that there are multiple servers
     * and '$cfg['ServerDefault'] = 0' is set.
     */
-    if (is_string($_REQUEST['sever']) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) {
+    if (isset($_REQUEST['server']) && is_string($_REQUEST['server']) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) {
        $GLOBALS['server'] = $_REQUEST['server'];
        $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
    } else {