Fix merge conflicts

This commit is contained in:
Marc Delisle
2011-07-23 07:56:45 -04:00
3 changed files with 13 additions and 7 deletions


@@ -7,6 +7,10 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
3.3.11.0 (not yet released) 3.3.11.0 (not yet released)
3.3.10.3 (2011-07-23)
- [security] Fixed XSS vulnerability, see PMASA-2011-9
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
3.3.10.2 (2011-07-02) 3.3.10.2 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6


@@ -143,7 +143,9 @@ function Swekey_auth_error()
return "Internal Error: CA File $caFile not found"; return "Internal Error: CA File $caFile not found";
$result = null; $result = null;
parse_str($_SERVER['QUERY_STRING']); $swekey_id = $_GET['swekey_id'];
$swekey_otp = $_GET['swekey_otp'];
if (isset($swekey_id)) { if (isset($swekey_id)) {
unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']); unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) { if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
@@ -166,7 +168,7 @@ function Swekey_auth_error()
$result = $GLOBALS['strSwekeyNoKey']; $result = $GLOBALS['strSwekeyNoKey'];
if ($_SESSION['SWEKEY']['CONF_DEBUG']) if ($_SESSION['SWEKEY']['CONF_DEBUG'])
{ {
$result .= "<br>".$swekey_id; $result .= "<br>" . htmlspecialchars($swekey_id);
} }
unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
} }
@@ -186,16 +188,16 @@ function Swekey_auth_error()
<script> <script>
if (key.length != 32) if (key.length != 32)
{ {
window.location.search="?swekey_id=" + key; window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
} }
else else
{ {
var url = "" + window.location; var url = "" + window.location;
if (url.indexOf("?") > 0) if (url.indexOf("?") > 0)
url = url.substr(0, url.indexOf("?")); url = url.substr(0, url.indexOf("?"));
Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>"); Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>); var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp; window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
} }
</script> </script>
<?php <?php
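Review bot: `$swekey_otp = $_GET['swekey_otp'];` on the new side of the first hunk reads the key unconditionally, so every request that carries only `swekey_id` — including the one the `<script>` block in the third hunk issues with `"?swekey_id=" + key` — raises an undefined-index notice, and `$swekey_id = $_GET['swekey_id'];` does the same on a plain visit to the login page; the `isset($swekey_id)` test that follows only hides the id case after the notice has already fired. Reading both through a guard keeps the later `isset` checks working unchanged: `$swekey_id = isset($_GET['swekey_id']) ? $_GET['swekey_id'] : null;` and `$swekey_otp = isset($_GET['swekey_otp']) ? $_GET['swekey_otp'] : null;`. In the third hunk the value of `$_SESSION[' PMA_token ']` is echoed straight into JavaScript string literals and a query string without `urlencode()` or escaping; presumably it is a generated token with a safe alphabet, but encoding it at the echo keeps the literal and the URL well-formed whatever its content. Swekey_auth_error's body starts before the first hunk and continues past the last one.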


@@ -72,7 +72,7 @@ if ($multi_tables) {
$tbl_list .= (empty($tbl_list) ? '' : ', ') $tbl_list .= (empty($tbl_list) ? '' : ', ')
. PMA_backquote($table); . PMA_backquote($table);
} }
echo '<strong>'. $strShowTables . ': ' . $tbl_list . '</strong>' . "\n"; echo '<strong>'. $strShowTables . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
echo '<hr />' . "\n"; echo '<hr />' . "\n";
} // end if } // end if
@@ -87,7 +87,7 @@ foreach ($the_tables as $key => $table) {
} }
$counter++; $counter++;
echo '<div' . $breakstyle . '>' . "\n"; echo '<div' . $breakstyle . '>' . "\n";
echo '<h1>' . $table . '</h1>' . "\n"; echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
/** /**
* Gets table informations * Gets table informations