From 74d1c7de63c7f0e29db6d6f61ed2ec6b9bbdd9ba Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 18 Nov 2006 11:30:58 +0000 Subject: [PATCH] undefined index --- ChangeLog | 3 +++ index.php | 2 +- libraries/common.lib.php | 12 ++++++------ 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 09e60ef2d..10b830fd7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog $Id$ $Source$ +2006-11-18 Marc Delisle + * index.php, libraries/common.lib.php: undefined index + 2006-11-17 Michal Čihař * sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid XSS. diff --git a/index.php b/index.php index 6da60af79..f30ebaf88 100644 --- a/index.php +++ b/index.php @@ -88,7 +88,7 @@ if (! isset($GLOBALS['db']) || ! strlen($GLOBALS['db'])) { $url_query = PMA_generate_common_url($_GET); -if (is_string($GLOBALS['target']) && !empty($GLOBALS['target']) && in_array($GLOBALS['target'], $goto_whitelist)) { +if (isset($GLOBALS['target']) && is_string($GLOBALS['target']) && !empty($GLOBALS['target']) && in_array($GLOBALS['target'], $goto_whitelist)) { $main_target = $GLOBALS['target']; } diff --git a/libraries/common.lib.php b/libraries/common.lib.php index 6c8cbcbfc..ad0c4bb64 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -2885,7 +2885,7 @@ if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) { * Check whether user supplied token is valid, if not remove any * possibly dangerous stuff from request. */ -if (!is_string($_REQUEST['token']) || empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { +if ((isset($_REQUEST['token']) && !is_string($_REQUEST['token'])) || empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { /* List of parameters which are allowed from unsafe source */ $allow_list = array( 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target', 
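Review bot: In the index.php hunk, `in_array($GLOBALS['target'], $goto_whitelist)` still uses PHP's loose comparison, although this check decides whether a value that appears to come from the request becomes `$main_target`. Pass the strict flag: `in_array($GLOBALS['target'], $goto_whitelist, true)`. The `is_string()` guard already limits what a loose match can do, so this is hardening rather than a known bypass; `$goto_whitelist` is defined outside the hunk. The added `isset()` is also redundant, because `!empty()` raises no notice on a missing index, so testing `!empty($GLOBALS['target'])` before `is_string()` would be enough.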
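Review bot: In the libraries/common.lib.php hunk at line 2885, the new condition still ends in `$_SESSION[' PMA_token '] != $_REQUEST['token']`, a loose comparison on the value that decides whether request parameters are trusted. Under `!=` PHP compares two numeric-looking strings as numbers, so distinct tokens can compare equal; use `!==`, or a constant-time string comparison where the runtime provides one. Testing `empty()` first also removes the need for `isset()`: `empty($_REQUEST['token']) || !is_string($_REQUEST['token']) || $_SESSION[' PMA_token '] !== $_REQUEST['token']`. The body of this `if` continues past the end of the hunk.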
@@ -2910,22 +2910,22 @@ if (!is_string($_REQUEST['token']) || empty($_REQUEST['token']) || $_SESSION[' P
 unset($GLOBALS[$key]);
 } else {
 // we require it to be a string
- if (is_string($_REQUEST[$key])) {
+ if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
 $_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
 } else {
 unset($_REQUEST[$key]);
 }
- if (is_string($_POST[$key])) {
+ if (isset($_POST[$key]) && is_string($_POST[$key])) {
 $_POST[$key] = htmlspecialchars($_POST[$key], ENT_QUOTES);
 } else {
 unset($_POST[$key]);
 }
- if (is_string($_COOKIE[$key])) {
+ if (isset($_COOKIE[$key]) && is_string($_COOKIE[$key])) {
 $_COOKIE[$key] = htmlspecialchars($_COOKIE[$key], ENT_QUOTES);
 } else {
 unset($_COOKIE[$key]);
 }
- if (is_string($_GET[$key])) {
+ if (isset($_GET[$key]) && is_string($_GET[$key])) {
 $_GET[$key] = htmlspecialchars($_GET[$key], ENT_QUOTES);
 } else {
 unset($_GET[$key]);
@@ -3167,7 +3167,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
 * present a choice of servers in the case that there are multiple servers
 * and '$cfg['ServerDefault'] = 0' is set.
 */
- if (is_string($_REQUEST['sever']) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) {
+ if (isset($_REQUEST['server']) && is_string($_REQUEST['server']) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) {
 $GLOBALS['server'] = $_REQUEST['server'];
 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
 } else {
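Review bot: The comment `// we require it to be a string` in the hunk at line 2910 undersells what the four stanzas do: each allowed key is HTML-escaped in place in `$_REQUEST`, `$_POST`, `$_COOKIE` and `$_GET`, and a missing or non-string value is removed. That escaping only covers HTML output; code that later puts these parameters into SQL, file paths or URLs still needs its own context-specific handling, and code that prints them must not escape a second time. I would widen the comment to say so, e.g. `// allowed keys must be strings; they are HTML-escaped in place (ENT_QUOTES) for output only, anything else is removed`. `htmlspecialchars()` is called without a charset argument, so it is worth confirming that the PHP default matches the page encoding. The enclosing `else` branch opens above the hunk and closes below it.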
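Review bot: The ChangeLog line describes this commit as an undefined-index fix, but the hunk at line 3167 also corrects the key `'sever'` to `'server'`, which looks like a behaviour change rather than a notice fix. With the misspelled key, `is_string()` presumably failed for every normal request, so the branch that selects a server from the request was effectively unreachable until now. Because `'server'` is in the list of parameters accepted without a valid token (hunk at line 2885), it deserves its own ChangeLog entry and a comment at the condition, e.g. `// 'server' comes from the request and is accepted without a token; it is used only if it names a configured entry in $cfg['Servers']`. The `if` continues in an `else` branch outside the hunk.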