nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed bug #1810629 XSS in setup.php

Browse Source
This commit is contained in:
Sebastian Mendel
2007-10-10 07:30:59 +00:00
parent 86b1e3032b
commit 96942edcce
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -22,6 +22,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1807923 [login] Login with html entities in password fails - bug #1807923 [login] Login with html entities in password fails
- [core] Undefined variable when creating a table that exists - [core] Undefined variable when creating a table that exists
2.11.1.1 (not yet released)
- bug #1810629 [setup] XSS in setup.php
2.11.1.0 (2007-09-20) 2.11.1.0 (2007-09-20)
- bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version - bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version

8
scripts/setup.php
View File

@@ -1395,7 +1395,7 @@ switch ($action) {
} else { } else {
mysql_close($conn); mysql_close($conn);
} }
} else { } else {
$socket = empty($new_server['socket']) || $new_server['connect_type'] == 'tcp' ? NULL : $new_server['socket']; $socket = empty($new_server['socket']) || $new_server['connect_type'] == 'tcp' ? NULL : $new_server['socket'];
$port = empty($new_server['port']) || $new_server['connect_type'] == 'socket' ? NULL : $new_server['port']; $port = empty($new_server['port']) || $new_server['connect_type'] == 'socket' ? NULL : $new_server['port'];
$conn = @mysqli_connect($new_server['host'], $new_server['controluser'], $new_server['controlpass'], NULL, $port, $socket); $conn = @mysqli_connect($new_server['host'], $new_server['controluser'], $new_server['controlpass'], NULL, $port, $socket);
@@ -1951,12 +1951,16 @@ switch ($action) {
if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) { if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
$redir = ''; $redir = '';
} else { } else {
$redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.'; $redir = ' If your server is also configured to accept HTTPS request'
. ' follow <a href="https://'
. htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
. '">this link</a> to use secure connection.';
} }
message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection'); message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
} }
break; break;
} }
echo $_SERVER['REQUEST_URI'];
// Should we show information? // Should we show information?
if ($show_info) { if ($show_info) {