Merge branch 'QA_3_3'

Conflicts: libraries/core.lib.php server_databases.php server_privileges.php
2010-08-20 13:40:37 +02:00
parent 7b1c0187cf 41145feb12
commit 862e3ca2a7
16 changed files with 84 additions and 40 deletions
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -566,7 +566,7 @@ function PMA_mysqlDie($error_message = '', $the_query = '',
        $formatted_sql = '';
    } else {
        if (strlen($the_query) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) {
-            $formatted_sql = substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) . '[...]';
+            $formatted_sql = htmlspecialchars(substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL'])) . '[...]';
        } else {
            $formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query);
        }
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -525,22 +525,23 @@ function PMA_getenv($var_name) {
 function PMA_sendHeaderLocation($uri)
 {
    if (PMA_IS_IIS && strlen($uri) > 600) {
+        require_once './libraries/js_escape.lib.php';

        echo '<html><head><title>- - -</title>' . "\n";
        echo '<meta http-equiv="expires" content="0">' . "\n";
        echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
        echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
-        echo '<meta http-equiv="Refresh" content="0;url=' .$uri . '">' . "\n";
+        echo '<meta http-equiv="Refresh" content="0;url=' .  htmlspecialchars($uri) . '">' . "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
-        echo 'setTimeout("window.location = unescape(\'"' . $uri . '"\')", 2000);' . "\n";
+        echo 'setTimeout("window.location = unescape(\'"' . PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
        echo '//]]>' . "\n";
        echo '</script>' . "\n";
        echo '</head>' . "\n";
        echo '<body>' . "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
-        echo 'document.write(\'<p><a href="' . $uri . '">' . __('Go') . '</a></p>\');' . "\n";
+        echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">' . __('Go') . '</a></p>\');' . "\n";
        echo '//]]>' . "\n";
        echo '</script></body></html>' . "\n";

--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
@@ -195,6 +195,10 @@ function PMA_usort_comparison_callback($a, $b)
    } else {
        $sorter = 'strcasecmp';
    }
+    /* No sorting when key is not present */
+    if (!isset($a[$GLOBALS['callback_sort_by']]) || ! isset($b[$GLOBALS['callback_sort_by']])) {
+        return 0;
+    }
    // produces f.e.:
    // return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
    return ($GLOBALS['callback_sort_order'] == 'ASC' ? 1 : -1) * $sorter($a[$GLOBALS['callback_sort_by']], $b[$GLOBALS['callback_sort_by']]);
--- a/libraries/db_info.inc.php
+++ b/libraries/db_info.inc.php
@@ -211,7 +211,8 @@ if (! isset($sot_ready)) {
        );

        // Make sure the sort type is implemented
-        if ($sort = $sortable_name_mappings[$_REQUEST['sort']]) {
+        if (isset($sortable_name_mappings[$_REQUEST['sort']])) {
+            $sort = $sortable_name_mappings[$_REQUEST['sort']];
            if ($_REQUEST['sort_order'] == 'DESC') {
                $sort_order = 'DESC';
            }
--- a/libraries/dbi/mysql.dbi.lib.php
+++ b/libraries/dbi/mysql.dbi.lib.php
@@ -344,6 +344,8 @@ function PMA_DBI_getError($link = null)
        $error_message = PMA_DBI_convert_message($error_message);
    }

+    $error_message = htmlspecialchars($error_message);
+
    // Some errors messages cannot be obtained by mysql_error()
    if ($error_number == 2002) {
        $error = '#' . ((string) $error_number) . ' - ' . __('The server is not responding') . ' ' . __('(or the local MySQL server\'s socket is not correctly configured)');
--- a/libraries/dbi/mysqli.dbi.lib.php
+++ b/libraries/dbi/mysqli.dbi.lib.php
@@ -400,6 +400,8 @@ function PMA_DBI_getError($link = null)
        $error_message = PMA_DBI_convert_message($error_message);
    }

+    $error_message = htmlspecialchars($error_message);
+
    if ($error_number == 2002) {
        $error = '#' . ((string) $error_number) . ' - ' . __('The server is not responding') . ' ' . __('(or the local MySQL server\'s socket is not correctly configured)');
    } else {
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -8,17 +8,26 @@

 /**
 * Sanitizes $message, taking into account our special codes
- * for formatting
+ * for formatting.
+ *
+ * If you want to include result in element attribute, you should escape it.
+ *
+ * Examples:
+ *
+ * <p><?php echo PMA_sanitize($foo); ?></p>
+ *
+ * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
 *
 * @uses    preg_replace()
 * @uses    strtr()
 * @param   string   the message
+ * @param   boolean  whether to escape html in result
 *
 * @return  string   the sanitized message
 *
 * @access  public
 */
-function PMA_sanitize($message)
+function PMA_sanitize($message, $escape = false)
 {
    $replace_pairs = array(
        '<'         => '&lt;',
@@ -66,6 +75,10 @@ function PMA_sanitize($message)
        $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
    }

+    if ($escape) {
+        $message = htmlspecialchars($message);
+    }
+
    return $message;
 }
 ?>
--- a/libraries/sqlparser.lib.php
+++ b/libraries/sqlparser.lib.php
@@ -2574,7 +2574,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
            }
            $after                 .= "\n";
 */
-            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
+            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
        } // end for
        /* End possibly unclosed documentation link */
        if ($close_docu_link) {