From 4341818d73d454451f024950a4ce0141608ac7f8 Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Thu, 25 Nov 2010 11:50:50 +0100 Subject: [PATCH 1/5] bug #3115519: fixed XSS on search --- libraries/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/common.lib.php b/libraries/common.lib.php index 610438c1e..b926e923d 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -1634,7 +1634,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(), $tmp = $tag_params; $tag_params = array(); if (!empty($tmp)) { - $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')'; + $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')'; } unset($tmp); } From 38547bea51e3ee1b84564dc111c64cc476d2e73c Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 26 Nov 2010 09:03:22 -0500 Subject: [PATCH 2/5] ChangeLog for XSS fix --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4827fb69b..6a1060790 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ +3.3.8.1 (2010-10-26) +- bug #3115519 (private) [security] XSS on db search + 3.3.8.0 (2010-10-25) - bug #3059311 [import] BIGINT field type added to table analysis - [core] Update library PHPExcel to version 1.7.4 @@ -18,9 +21,6 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA 3.3.7.0 (2010-09-07) - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after a page size increase, thanks to Martin Schönberger - mad05 -- bug #3054458 [core] Fixed displaying number of rows. -- bug #3035300 [parser] Fixed wrong definition of keywords. -- [setup] Fixed escaping of server name. 3.3.6.0 (2010-08-28) - bug #3033063 [core] Navi gets wrong db name 
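Review bot: In the `PMA_linkOrButton` hunk of libraries/common.lib.php (patch 1/5), the added `PMA_escapeJsString($tmp)` covers the single-quoted JavaScript literal, but the result still lands in an `onclick` HTML attribute, and nothing visible in the hunk shows the value being HTML-encoded for that outer context. The function body continues outside the hunk, so the encoding may already happen where the tag string is assembled. If it does not, characters such as `"`, `&` or `<` in the confirmation message would still be interpreted by the HTML parser before the script runs, and the line should encode both layers, e.g. `$tag_params['onclick'] = 'return confirmLink(this, \'' . htmlspecialchars(PMA_escapeJsString($tmp)) . '\')';`. Either way, a comment on this line such as `// JS-string escaped here; HTML attribute encoding is applied when the tag is built (confirm)` would record which layer is responsible. A regression test that passes quotes and angle brackets in the message would keep the fix from silently regressing.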
From fcc04991533333d18c86b3005967da2d75a56fb9 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 26 Nov 2010 09:20:07 -0500 Subject: [PATCH 3/5] 3.3.8.1 release --- Documentation.html | 4 ++-- README | 4 ++-- libraries/Config.class.php | 2 +- translators.html | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Documentation.html b/Documentation.html index a233ccd10..bf3006831 100644 --- a/Documentation.html +++ b/Documentation.html @@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 - phpMyAdmin 3.3.8 - Documentation + phpMyAdmin 3.3.8.1 - Documentation @@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 diff --git a/README b/README index 967acded2..d84e8d725 100644 --- a/README +++ b/README @@ -5,8 +5,8 @@ phpMyAdmin - Readme A set of PHP-scripts to manage MySQL over the web. - Version 3.3.8 - ------------- + Version 3.3.8.1 + --------------- http://www.phpmyadmin.net/ Copyright (C) 1998-2000 Tobias Ratschiller diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 6594e3aac..8f5c43db9 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -92,7 +92,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.8'); + $this->set('PMA_VERSION', '3.3.8.1'); /** * @deprecated */ diff --git a/translators.html b/translators.html index 598e21824..f390397ac 100644 --- a/translators.html +++ b/translators.html @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.8 - Official translators + phpMyAdmin 3.3.8.1 - Official translators @@ -19,7 +19,7 @@ From 150798965d85ee7aee19076a8cd9f8f71770acc7 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Mon, 29 Nov 2010 12:16:27 -0500 Subject: [PATCH 4/5] 3.3.8.1 release date and PMASA ref --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6a1060790..8fad918bc 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,8 +5,8 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ -3.3.8.1 (2010-10-26) -- bug #3115519 (private) [security] XSS on db search +3.3.8.1 (2010-11-29) +- bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8 3.3.8.0 (2010-10-25) - bug #3059311 [import] BIGINT field type added to table analysis From 6f982a164575ab0d4f35aba9425576189e4013d5 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Thu, 10 Nov 2011 08:42:22 -0500 Subject: [PATCH 5/5] 3.3.10.5 release --- ChangeLog | 2 +- Documentation.html | 4 ++-- README | 2 +- libraries/Config.class.php | 2 +- translators.html | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 87e3364a5..7a69d01b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ -3.3.10.5 (not yet released) +3.3.10.5 (2011-11-10) - [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). diff --git a/Documentation.html b/Documentation.html index feafb2014..3a115a742 100644 --- a/Documentation.html +++ b/Documentation.html @@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 - phpMyAdmin 3.3.10.4 - Documentation + phpMyAdmin 3.3.10.5 - Documentation @@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 diff --git a/README b/README index 4d2bcbd04..3ad7217e3 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ phpMyAdmin - Readme A set of PHP-scripts to manage MySQL over the web. - Version 3.3.10.4 + Version 3.3.10.5 ---------------- http://www.phpmyadmin.net/ diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 0ace8903f..9dd464ba1 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php 
@@ -92,7 +92,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.10.4'); + $this->set('PMA_VERSION', '3.3.10.5'); /** * @deprecated */ diff --git a/translators.html b/translators.html index 24096d72c..af5719b6b 100644 --- a/translators.html +++ b/translators.html @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.10.4 - Official translators + phpMyAdmin 3.3.10.5 - Official translators @@ -19,7 +19,7 @@