nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'security/MAINT_3_4_3-security' into MAINT_3_4_3-security

Browse Source
This commit is contained in:
Herman van Rink
2011-07-08 10:38:55 +02:00
parent d7cffc5dbd f63e1bb42a
commit 3caa6cbb7e
3 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -1,6 +1,10 @@
phpMyAdmin - ChangeLog phpMyAdmin - ChangeLog
====================== ======================
3.4.3.2 (2011-07-XX)
- [security] Fixed XSS vulnerability, see PMASA-2011-9
- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
3.4.3.1 (2011-07-02) 3.4.3.1 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6

2
sql.php
View File

@@ -719,7 +719,7 @@ if (0 == $num_rows || $is_affected) {
parse_str($_REQUEST['transform_fields_list'], $edited_values); parse_str($_REQUEST['transform_fields_list'], $edited_values);
foreach($mime_map as $transformation) { foreach($mime_map as $transformation) {
$include_file = $transformation['transformation']; $include_file = PMA_securePath($transformation['transformation']);
$column_name = $transformation['column_name']; $column_name = $transformation['column_name'];
$column_data = $edited_values[$column_name]; $column_data = $edited_values[$column_name];

4
tbl_printview.php
View File

@@ -69,7 +69,7 @@ if ($multi_tables) {
$tbl_list .= (empty($tbl_list) ? '' : ', ') $tbl_list .= (empty($tbl_list) ? '' : ', ')
. PMA_backquote($table); . PMA_backquote($table);
} }
echo '<strong>'. __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n"; echo '<strong>'. __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
echo '<hr />' . "\n"; echo '<hr />' . "\n";
} // end if } // end if
@@ -84,7 +84,7 @@ foreach ($the_tables as $key => $table) {
} }
$counter++; $counter++;
echo '<div' . $breakstyle . '>' . "\n"; echo '<div' . $breakstyle . '>' . "\n";
echo '<h1>' . $table . '</h1>' . "\n"; echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
/** /**
* Gets table informations * Gets table informations