nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed some security issues

Browse Source
This commit is contained in:
Loïc Chapeaux
2001-09-25 23:24:15 +00:00
parent 263bb19574
commit 435dfbbe7e
6 changed files with 134 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$
$Source$
2001-09-25 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* libraries/common.lib.php3; left.php3; tbl_move_copy.php3;
tbl_properties.php3; tbl_rename.php3: fixed some security issues.
2001-09-25 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* lang/italian.inc.php3: updated thanks to Pietro Danesi.

31
left.php3
View File

@@ -19,36 +19,7 @@ require('./libraries/common.lib.php3');
* before the user choose among available ones at the welcome screen.
*/
if ($server > 0) {
$num_dbs = count($dblist);
// 1. $cfgServers[n]['only_db'] exists -> gets the valid databases list
if ($num_dbs) {
$true_dblist = array();
for ($i = 0; $i < $num_dbs; $i++) {
$dblink = @mysql_select_db($dblist[$i]);
if ($dblink) {
$true_dblist[] = $dblist[$i];
} // end if
} // end for
unset($dblist);
$dblist = $true_dblist;
unset($true_dblist);
$num_dbs = count($dblist);
} // end if
// 2. no $cfgServers[n]['only_db']
else {
$dbs = mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', FALSE, '');
$num_dbs = @mysql_num_rows($dbs);
$real_num_dbs = 0;
for ($i = 0; $i < $num_dbs; $i++) {
$db_name_tmp = mysql_dbname($dbs, $i);
$dblink = @mysql_select_db($db_name_tmp);
if ($dblink) {
$dblist[] = $db_name_tmp;
$real_num_dbs++;
}
} // end for
$num_dbs = $real_num_dbs;
} // end else
available_databases(); // this function is defined in "common.lib.php3"
} else {
$num_dbs = 0;
}

92
libraries/common.lib.php3
View File

@@ -23,7 +23,8 @@ if (!defined('__LIB_COMMON__')){
* the include of libraries/defines.lib.php3 must be after the connection
* to db to get the MySql version
*
* the auth() function must be before the connection to db
* the auth() function must be before the connection to db but after the
* pmaIsInto() function
*
* the mysql_die() function must be before the connection to db but after
* mysql extension has been loaded
@@ -36,7 +37,9 @@ if (!defined('__LIB_COMMON__')){
* MySQL release number)
* - load of mysql extension (if necessary)
* - definition of mysql_die()
* - definition of pmaIsInto()
* - db connection
* - advanced authentication work if required
* - second load of the libraries/define.lib.php3 library to get the MySQL
* release number)
* - other functions, respecting dependencies
@@ -203,6 +206,28 @@ if (!defined('__LIB_COMMON__')){
} // end of the 'mysql_die()' function
/**
* Defines whether a string exists inside an array or not
*
* @param string string to search for
* @param mixed array to search into
*
* @return integer the rank of the $toFind string in the array or '-1' if
* it hasn't been found
*
* @access public
*/
function pmaIsInto($toFind = '', &$in)
{
$max = count($in);
for ($i = 0; $i < $max && ($toFind != $in[$i]); $i++) {
// void();
}
return ($i < $max) ? $i : -1;
} // end of the 'pmaIsInto()' function
/**
* Use mysql_connect() or mysql_pconnect()?
*/
@@ -412,7 +437,10 @@ if (!defined('__LIB_COMMON__')){
auth();
} else {
while ($row = mysql_fetch_array($rs)) {
$dblist[] = $row['Db'];
// loic1: avoid multiple entries for dbs
if (pmaIsInto($row['Db'], $dblist) == -1) {
$dblist[] = $row['Db'];
}
}
mysql_free_result($rs);
}
@@ -429,7 +457,10 @@ if (!defined('__LIB_COMMON__')){
// database names instead of with regular
// expressions.
while ($row = mysql_fetch_array($rs)) {
$uva_mydbs[$row['Db']] = 1;
// loic1: avoid multiple entries for dbs
if (pmaIsInto($row['Db'], $dblist) == -1) {
$uva_mydbs[$row['Db']] = 1;
}
}
mysql_free_result($rs);
$uva_alldbs = mysql_list_dbs();
@@ -498,6 +529,61 @@ if (!defined('__LIB_COMMON__')){
}
/**
* Get the list and number of available databases.
*
* @param string the url to go back to in case of error
*
* @return boolean always true
*
* @global array the list of available databases
* @global integer the number of available databases
*/
function available_databases($error_url = '')
{
global $dblist;
global $num_dbs;
$num_dbs = count($dblist);
// 1. A list of allowed databases has already been defined by the
// authentification process -> gets the available databases list
if ($num_dbs) {
$true_dblist = array();
for ($i = 0; $i < $num_dbs; $i++) {
$dblink = @mysql_select_db($dblist[$i]);
if ($dblink) {
$true_dblist[] = $dblist[$i];
} // end if
} // end for
unset($dblist);
$dblist = $true_dblist;
unset($true_dblist);
$num_dbs = count($dblist);
} // end if
// 2. Allowed database list is empty -> gets the list of all databases
// on the server
else {
$dbs = mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', FALSE, $error_url);
$num_dbs = @mysql_num_rows($dbs);
$real_num_dbs = 0;
for ($i = 0; $i < $num_dbs; $i++) {
$db_name_tmp = mysql_dbname($dbs, $i);
$dblink = @mysql_select_db($db_name_tmp);
if ($dblink) {
$dblist[] = $db_name_tmp;
$real_num_dbs++;
}
} // end for
mysql_free_result($dbs);
$num_dbs = $real_num_dbs;
} // end else
return TRUE;
} // end of the 'available_databases()' function
/**
* Gets constants that defines the PHP, MySQL... releases.
* This include must be located physically before any code that needs to

9
tbl_move_copy.php3
View File

@@ -62,6 +62,13 @@ if (isset($new_name) && trim($new_name) != '') {
}
$new_name = stripslashes($new_name);
}
// Ensure the target is valid
// The functions used below are defined in "common.lib.php3"
available_databases('main.php3?lang=' . $lang . '&server=' . $server);
if (pmaIsInto($db, $dblist) == -1 || pmaIsInto($target_db, $dblist) == -1) {
exit();
}
if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($target_db, $err_url);
check_reserved_words($new_name, $err_url);
@@ -88,7 +95,7 @@ if (isset($new_name) && trim($new_name) != '') {
if ($result != FALSE && $what == 'data') {
// speedup copy table - staybyte - 22. Juni 2001
if (MYSQL_INT_VERSION >= 32300) {
$sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . backquote($table);
$sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . $source;
$result = @mysql_query($sql_insert_data);
if (mysql_error()) {
include('./header.inc.php3');

27
tbl_properties.php3
View File

@@ -991,7 +991,18 @@ echo "\n";
</tr>
<tr>
<td>
<input type="text" size="10" name="target_db" />
<select name="target_db">
<option value=""></option>
<?php
// The function used below is defined in "common.lib.php3"
available_databases('main.php3?lang=' . $lang . '&server=' . $server);
for ($i = 0; $i < $num_dbs; $i++) {
echo ' ';
echo '<option value="' . str_replace('"', '&quot;', $dblist[$i]) . '">' . htmlspecialchars($dblist[$i]) . '</option>';
echo "\n";
} // end for
?>
</select>
&nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" value="<?php echo $table; ?>" />
</td>
@@ -1021,7 +1032,19 @@ echo "\n";
</tr>
<tr>
<td colspan="2">
<input type="text" size="10" name="target_db" value="<?php echo $db; ?>" />
<select name="target_db">
<?php
for ($i = 0; $i < $num_dbs; $i++) {
echo ' ';
echo '<option value="' . str_replace('"', '&quot;', $dblist[$i]) . '"';
if ($dblist[$i] == $db) {
echo ' selected="selected"';
}
echo '>' . htmlspecialchars($dblist[$i]) . '</option>';
echo "\n";
} // end for
?>
</select>
&nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" />
</td>

7
tbl_rename.php3
View File

@@ -29,6 +29,13 @@ if (isset($new_name) && trim($new_name) != '') {
if (get_magic_quotes_gpc()) {
$new_name = stripslashes($new_name);
}
// Ensure the target is valid
// The functions used below are defined in "common.lib.php3"
available_databases('main.php3?lang=' . $lang . '&server=' . $server);
if (pmaIsInto($db, $dblist) == -1) {
exit();
}
if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($new_name, $err_url);
}