fixed some security issues

This commit is contained in:
Loïc Chapeaux
2001-09-25 23:24:15 +00:00
parent 263bb19574
commit 435dfbbe7e
6 changed files with 134 additions and 36 deletions


@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2001-09-25 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* libraries/common.lib.php3; left.php3; tbl_move_copy.php3;
tbl_properties.php3; tbl_rename.php3: fixed some security issues.
2001-09-25 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2001-09-25 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* lang/italian.inc.php3: updated thanks to Pietro Danesi. * lang/italian.inc.php3: updated thanks to Pietro Danesi.


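--- a/left.php3
+++ b/left.php3
@@ -19,36 +19,7 @@ require('./libraries/common.lib.php3');
  * before the user choose among available ones at the welcome screen.
  */
 if ($server > 0) {
-$num_dbs = count($dblist);
+available_databases(); // this function is defined in "common.lib.php3"
-// 1. $cfgServers[n]['only_db'] exists -> gets the valid databases list
-if ($num_dbs) {
-$true_dblist = array();
-for ($i = 0; $i < $num_dbs; $i++) {
-$dblink = @mysql_select_db($dblist[$i]);
-if ($dblink) {
-$true_dblist[] = $dblist[$i];
-} // end if
-} // end for
-unset($dblist);
-$dblist = $true_dblist;
-unset($true_dblist);
-$num_dbs = count($dblist);
-} // end if
-// 2. no $cfgServers[n]['only_db']
-else {
-$dbs = mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', FALSE, '');
-$num_dbs = @mysql_num_rows($dbs);
-$real_num_dbs = 0;
-for ($i = 0; $i < $num_dbs; $i++) {
-$db_name_tmp = mysql_dbname($dbs, $i);
-$dblink = @mysql_select_db($db_name_tmp);
-if ($dblink) {
-$dblist[] = $db_name_tmp;
-$real_num_dbs++;
-}
-} // end for
-$num_dbs = $real_num_dbs;
-} // end else
 } else {
 $num_dbs = 0;
 }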
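Review bot: The new `available_databases();` call here passes no error url, whereas the callers added in tbl_move_copy.php3, tbl_properties.php3 and tbl_rename.php3 pass `'main.php3?lang=' . $lang . '&server=' . $server`, so a `mysql_list_dbs()` failure on this page reaches `mysql_die()` with an empty back link. Passing the same url keeps the error path consistent across the four callers. The replaced code also filled `$dblist` and `$num_dbs`, which the function now sets through `global`; a short comment noting that both variables are assigned as a side effect would help the reader of the loop that follows in the rest of left.php3.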


@@ -23,7 +23,8 @@ if (!defined('__LIB_COMMON__')){
* the include of libraries/defines.lib.php3 must be after the connection * the include of libraries/defines.lib.php3 must be after the connection
* to db to get the MySql version * to db to get the MySql version
* *
* the auth() function must be before the connection to db * the auth() function must be before the connection to db but after the
* pmaIsInto() function
* *
* the mysql_die() function must be before the connection to db but after * the mysql_die() function must be before the connection to db but after
* mysql extension has been loaded * mysql extension has been loaded
@@ -36,7 +37,9 @@ if (!defined('__LIB_COMMON__')){
* MySQL release number) * MySQL release number)
* - load of mysql extension (if necessary) * - load of mysql extension (if necessary)
* - definition of mysql_die() * - definition of mysql_die()
* - definition of pmaIsInto()
* - db connection * - db connection
* - advanced authentication work if required
* - second load of the libraries/define.lib.php3 library to get the MySQL * - second load of the libraries/define.lib.php3 library to get the MySQL
* release number) * release number)
* - other functions, respecting dependencies * - other functions, respecting dependencies
@@ -203,6 +206,28 @@ if (!defined('__LIB_COMMON__')){
} // end of the 'mysql_die()' function } // end of the 'mysql_die()' function
/**
* Defines whether a string exists inside an array or not
*
* @param string string to search for
* @param mixed array to search into
*
* @return integer the rank of the $toFind string in the array or '-1' if
* it hasn't been found
*
* @access public
*/
function pmaIsInto($toFind = '', &$in)
{
$max = count($in);
for ($i = 0; $i < $max && ($toFind != $in[$i]); $i++) {
// void();
}
return ($i < $max) ? $i : -1;
} // end of the 'pmaIsInto()' function
/** /**
* Use mysql_connect() or mysql_pconnect()? * Use mysql_connect() or mysql_pconnect()?
*/ */
@@ -412,7 +437,10 @@ if (!defined('__LIB_COMMON__')){
auth(); auth();
} else { } else {
while ($row = mysql_fetch_array($rs)) { while ($row = mysql_fetch_array($rs)) {
$dblist[] = $row['Db']; // loic1: avoid multiple entries for dbs
if (pmaIsInto($row['Db'], $dblist) == -1) {
$dblist[] = $row['Db'];
}
} }
mysql_free_result($rs); mysql_free_result($rs);
} }
@@ -429,7 +457,10 @@ if (!defined('__LIB_COMMON__')){
// database names instead of with regular // database names instead of with regular
// expressions. // expressions.
while ($row = mysql_fetch_array($rs)) { while ($row = mysql_fetch_array($rs)) {
$uva_mydbs[$row['Db']] = 1; // loic1: avoid multiple entries for dbs
if (pmaIsInto($row['Db'], $dblist) == -1) {
$uva_mydbs[$row['Db']] = 1;
}
} }
mysql_free_result($rs); mysql_free_result($rs);
$uva_alldbs = mysql_list_dbs(); $uva_alldbs = mysql_list_dbs();
@@ -498,6 +529,61 @@ if (!defined('__LIB_COMMON__')){
} }
/**
* Get the list and number of available databases.
*
* @param string the url to go back to in case of error
*
* @return boolean always true
*
* @global array the list of available databases
* @global integer the number of available databases
*/
function available_databases($error_url = '')
{
global $dblist;
global $num_dbs;
$num_dbs = count($dblist);
// 1. A list of allowed databases has already been defined by the
// authentification process -> gets the available databases list
if ($num_dbs) {
$true_dblist = array();
for ($i = 0; $i < $num_dbs; $i++) {
$dblink = @mysql_select_db($dblist[$i]);
if ($dblink) {
$true_dblist[] = $dblist[$i];
} // end if
} // end for
unset($dblist);
$dblist = $true_dblist;
unset($true_dblist);
$num_dbs = count($dblist);
} // end if
// 2. Allowed database list is empty -> gets the list of all databases
// on the server
else {
$dbs = mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', FALSE, $error_url);
$num_dbs = @mysql_num_rows($dbs);
$real_num_dbs = 0;
for ($i = 0; $i < $num_dbs; $i++) {
$db_name_tmp = mysql_dbname($dbs, $i);
$dblink = @mysql_select_db($db_name_tmp);
if ($dblink) {
$dblist[] = $db_name_tmp;
$real_num_dbs++;
}
} // end for
mysql_free_result($dbs);
$num_dbs = $real_num_dbs;
} // end else
return TRUE;
} // end of the 'available_databases()' function
/** /**
* Gets constants that defines the PHP, MySQL... releases. * Gets constants that defines the PHP, MySQL... releases.
* This include must be located physically before any code that needs to * This include must be located physically before any code that needs to
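Review bot: pmaIsInto() in the `@@ -203,6 +206,28 @@` hunk compares with `!=`, yet its result is now the gate in tbl_move_copy.php3 and tbl_rename.php3 that decides whether `$db` and `$target_db` are permitted, and PHP's loose string comparison treats two numeric-looking strings as numbers (a constructed example: `'1e1'` against `'10'` compare equal), so a name the list does not hold can be reported as found. The loop condition should read `for ($i = 0; $i < $max && ($toFind !== $in[$i]); $i++)`; the callers' `== -1` checks stay valid. The function also indexes `$in` positionally with no check that it is an array, which holds for `$dblist` as built in the visible code but would misbehave on an unset or scalar global, so an `if (!is_array($in)) { return -1; }` guard before `count()` is cheap insurance. The parameter order `($toFind = '', &$in)` puts a defaulted parameter before a required one; dropping the default avoids the confusing signature.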


@@ -62,6 +62,13 @@ if (isset($new_name) && trim($new_name) != '') {
} }
$new_name = stripslashes($new_name); $new_name = stripslashes($new_name);
} }
// Ensure the target is valid
// The functions used below are defined in "common.lib.php3"
available_databases('main.php3?lang=' . $lang . '&server=' . $server);
if (pmaIsInto($db, $dblist) == -1 || pmaIsInto($target_db, $dblist) == -1) {
exit();
}
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($target_db, $err_url); check_reserved_words($target_db, $err_url);
check_reserved_words($new_name, $err_url); check_reserved_words($new_name, $err_url);
@@ -88,7 +95,7 @@ if (isset($new_name) && trim($new_name) != '') {
if ($result != FALSE && $what == 'data') { if ($result != FALSE && $what == 'data') {
// speedup copy table - staybyte - 22. Juni 2001 // speedup copy table - staybyte - 22. Juni 2001
if (MYSQL_INT_VERSION >= 32300) { if (MYSQL_INT_VERSION >= 32300) {
$sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . backquote($table); $sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . $source;
$result = @mysql_query($sql_insert_data); $result = @mysql_query($sql_insert_data);
if (mysql_error()) { if (mysql_error()) {
include('./header.inc.php3'); include('./header.inc.php3');
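Review bot: The new guard in the `@@ -62,6 +62,13 @@` hunk ends in a bare `exit()`, so a request naming a database outside the allowed list gets an empty page instead of an error, and the guard added in tbl_rename.php3 has the same bare `exit()`; routing the refusal through the existing error path (`mysql_die()` with the url already built for `available_databases()`) or at least echoing a message before exiting would make the rejection visible. Note too that `available_databases()` calls `mysql_select_db()` on every candidate while building the list, so after this guard the connection's current database is whichever name was tried last rather than `$db`; unless `$source` and `$target` in the later `INSERT INTO … SELECT` carry a database prefix — not visible in this hunk — `$db` should be re-selected after the check. The enclosing block starts before the hunk.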


@@ -991,7 +991,18 @@ echo "\n";
</tr> </tr>
<tr> <tr>
<td> <td>
<input type="text" size="10" name="target_db" /> <select name="target_db">
<option value=""></option>
<?php
// The function used below is defined in "common.lib.php3"
available_databases('main.php3?lang=' . $lang . '&server=' . $server);
for ($i = 0; $i < $num_dbs; $i++) {
echo ' ';
echo '<option value="' . str_replace('"', '&quot;', $dblist[$i]) . '">' . htmlspecialchars($dblist[$i]) . '</option>';
echo "\n";
} // end for
?>
</select>
&nbsp;<b>.</b>&nbsp; &nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" value="<?php echo $table; ?>" /> <input type="text" size="20" name="new_name" value="<?php echo $table; ?>" />
</td> </td>
@@ -1021,7 +1032,19 @@ echo "\n";
</tr> </tr>
<tr> <tr>
<td colspan="2"> <td colspan="2">
<input type="text" size="10" name="target_db" value="<?php echo $db; ?>" /> <select name="target_db">
<?php
for ($i = 0; $i < $num_dbs; $i++) {
echo ' ';
echo '<option value="' . str_replace('"', '&quot;', $dblist[$i]) . '"';
if ($dblist[$i] == $db) {
echo ' selected="selected"';
}
echo '>' . htmlspecialchars($dblist[$i]) . '</option>';
echo "\n";
} // end for
?>
</select>
&nbsp;<b>.</b>&nbsp; &nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" /> <input type="text" size="20" name="new_name" />
</td> </td>
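Review bot: In both new `<select>` loops the option value is escaped only with `str_replace('"', '&quot;', …)` while the visible label uses `htmlspecialchars()`, so a database name containing `&`, `<` or `>` yields a malformed attribute value; use `htmlspecialchars($dblist[$i])` for the value as well (its default flags escape the double quote too), e.g. `echo '<option value="' . htmlspecialchars($dblist[$i]) . '"';`. The second loop in the `@@ -1021,7 +1032,19 @@` hunk reuses `$num_dbs` and `$dblist` filled by the `available_databases()` call in the first hunk, so it silently renders an empty list if the first form is ever moved or removed; a comment such as `// $dblist and $num_dbs were filled by available_databases() in the copy form above` would make that ordering dependency explicit. The `$dblist[$i] == $db` selected-check is a loose comparison; `===` avoids numeric-string coercion.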


@@ -29,6 +29,13 @@ if (isset($new_name) && trim($new_name) != '') {
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
$new_name = stripslashes($new_name); $new_name = stripslashes($new_name);
} }
// Ensure the target is valid
// The functions used below are defined in "common.lib.php3"
available_databases('main.php3?lang=' . $lang . '&server=' . $server);
if (pmaIsInto($db, $dblist) == -1) {
exit();
}
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($new_name, $err_url); check_reserved_words($new_name, $err_url);
} }