[security] Code execution vulnerability
@@ -109,6 +109,9 @@ danbarry
|
|||||||
contains accents
|
contains accents
|
||||||
+ [lang] Spanish update, thanks to Daniel Hinostroza
|
+ [lang] Spanish update, thanks to Daniel Hinostroza
|
||||||
|
|
||||||
|
2.11.9.1 (2008-09-15)
|
||||||
|
- [security] Code execution vulnerability, thanks to Norman Hippert
|
||||||
|
|
||||||
2.11.9.0 (2008-08-28)
|
2.11.9.0 (2008-08-28)
|
||||||
- bug #2031221 [auth] Links to version number on login screen
|
- bug #2031221 [auth] Links to version number on login screen
|
||||||
- bug #2032707 [core] PMA does not start if ini_set() is disabled
|
- bug #2032707 [core] PMA does not start if ini_set() is disabled
|
||||||
|
@@ -184,6 +184,32 @@ function PMA_DBI_get_tables($database, $link = null)
|
|||||||
null, 0, $link, PMA_DBI_QUERY_STORE);
|
null, 0, $link, PMA_DBI_QUERY_STORE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* usort comparison callback
|
||||||
|
*
|
||||||
|
* @param string $a first argument to sort
|
||||||
|
* @param string $b second argument to sort
|
||||||
|
*
|
||||||
|
* @return integer a value representing whether $a should be before $b in the
|
||||||
|
* sorted array or not
|
||||||
|
*
|
||||||
|
* @global string the column the array shall be sorted by
|
||||||
|
* @global string the sorting order ('ASC' or 'DESC')
|
||||||
|
*
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
function PMA_usort_comparison_callback($a, $b)
|
||||||
|
{
|
||||||
|
if ($GLOBALS['cfg']['NaturalOrder']) {
|
||||||
|
$sorter = 'strnatcasecmp';
|
||||||
|
} else {
|
||||||
|
$sorter = 'strcasecmp';
|
||||||
|
}
|
||||||
|
// produces f.e.:
|
||||||
|
// return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
|
||||||
|
return ($GLOBALS['callback_sort_order'] == 'ASC' ? 1 : -1) * $sorter($a[$GLOBALS['callback_sort_by']], $b[$GLOBALS['callback_sort_by']]);
|
||||||
|
} // end of the 'PMA_usort_comparison_callback()' function
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* returns array of all tables in given db or dbs
|
* returns array of all tables in given db or dbs
|
||||||
* this function expects unquoted names:
|
* this function expects unquoted names:
|
||||||
@@ -405,7 +431,7 @@ function PMA_DBI_get_tables_full($database, $table = false,
|
|||||||
* @param string $databases database
|
* @param string $databases database
|
||||||
* @param boolean $force_stats retrieve stats also for MySQL < 5
|
* @param boolean $force_stats retrieve stats also for MySQL < 5
|
||||||
* @param resource $link mysql link
|
* @param resource $link mysql link
|
||||||
* @param string $sort_by collumn to order by
|
* @param string $sort_by column to order by
|
||||||
* @param string $sort_order ASC or DESC
|
* @param string $sort_order ASC or DESC
|
||||||
* @param integer $limit_offset starting offset for LIMIT
|
* @param integer $limit_offset starting offset for LIMIT
|
||||||
* @param bool|int $limit_count row count for LIMIT or true for $GLOBALS['cfg']['MaxDbList']
|
* @param bool|int $limit_count row count for LIMIT or true for $GLOBALS['cfg']['MaxDbList']
|
||||||
@@ -550,23 +576,10 @@ function PMA_DBI_get_databases_full($database = null, $force_stats = false,
|
|||||||
* (caused by older MySQL < 5 or $GLOBALS['cfg']['NaturalOrder'])
|
* (caused by older MySQL < 5 or $GLOBALS['cfg']['NaturalOrder'])
|
||||||
*/
|
*/
|
||||||
if ($apply_limit_and_order_manual) {
|
if ($apply_limit_and_order_manual) {
|
||||||
|
$GLOBALS['callback_sort_order'] = $sort_order;
|
||||||
/**
|
$GLOBALS['callback_sort_by'] = $sort_by;
|
||||||
* first apply ordering
|
usort($databases, 'PMA_usort_comparison_callback');
|
||||||
*/
|
unset($GLOBALS['callback_sort_order'], $GLOBALS['callback_sort_by']);
|
||||||
if ($GLOBALS['cfg']['NaturalOrder']) {
|
|
||||||
$sorter = 'strnatcasecmp';
|
|
||||||
} else {
|
|
||||||
$sorter = 'strcasecmp';
|
|
||||||
}
|
|
||||||
|
|
||||||
// produces f.e.:
|
|
||||||
// return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
|
|
||||||
$sort_function = '
|
|
||||||
return ' . ($sort_order == 'ASC' ? 1 : -1) . ' * ' . $sorter . '($a["' . $sort_by . '"], $b["' . $sort_by . '"]);
|
|
||||||
';
|
|
||||||
|
|
||||||
usort($databases, create_function('$a, $b', $sort_function));
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* now apply limit
|
* now apply limit
|
||||||
|
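Review bot: `PMA_usort_comparison_callback()` indexes both rows with `$GLOBALS['callback_sort_by']` without checking that the key exists, and nothing visible in the last hunk validates `$sort_by` before it is copied into `$GLOBALS`. Moving the comparison out of `create_function()` removes the string-built code, but an unexpected column name would still reach the array lookup, where both sides would presumably compare as equal and the requested order would be silently dropped. If `$sort_by` is not already checked earlier in `PMA_DBI_get_databases_full()`, whose body starts outside the hunk, a guard just before the `usort()` call would cover it, for example `if ($databases && ! array_key_exists($sort_by, reset($databases))) { $sort_by = DEFAULT_SORT_COLUMN; }`, where `DEFAULT_SORT_COLUMN` is a placeholder for the project's default column. The callback's docblock could also say that the caller must set both `callback_sort_*` globals immediately before `usort()` and unset them afterwards, since the function is meaningless when called without them.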