nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first part of security fixes

Browse Source
This commit is contained in:
Marc Delisle
2006-09-26 19:23:24 +00:00
parent ea998c3766
commit b3906852bb
3 changed files with 21 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
libraries/common.lib.php
View File

@@ -2740,7 +2740,16 @@ if (get_magic_quotes_gpc()) {
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true); PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
} }
require_once './libraries/session.inc.php'; /**
* Check for numeric keys
* (if register_globals is on, we'll find a numeric key here)
*/
foreach ($GLOBALS as $key => $dummy) {
if (is_numeric($key)) {
die('numeric key detected');
}
}
/** /**
* include deprecated grab_globals only if required * include deprecated grab_globals only if required
@@ -2749,6 +2758,11 @@ if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
require './libraries/grab_globals.lib.php'; require './libraries/grab_globals.lib.php';
} }
/**
* include session handling after the globals, to avoid overwriting
*/
require_once './libraries/session.inc.php';
/** /**
* init some variables LABEL_variables_init * init some variables LABEL_variables_init
*/ */
@@ -2862,7 +2876,7 @@ if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
* Check whether user supplied token is valid, if not remove any * Check whether user supplied token is valid, if not remove any
* possibly dangerous stuff from request. * possibly dangerous stuff from request.
*/ */
if (!isset($_REQUEST['token']) || $_SESSION['PMA_token'] != $_REQUEST['token']) { if (!isset($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
/* List of parameters which are allowed from unsafe source */ /* List of parameters which are allowed from unsafe source */
$allow_list = array( $allow_list = array(
'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target', 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',

5
libraries/session.inc.php
View File

@@ -84,9 +84,10 @@ ini_set('session.save_handler', 'files');
/** /**
* Token which is used for authenticating access queries. * Token which is used for authenticating access queries.
* (we use "space PMA_token space" to prevent overwriting)
*/ */
if (!isset($_SESSION['PMA_token'])) { if (!isset($_SESSION[' PMA_token '])) {
$_SESSION['PMA_token'] = md5(uniqid(rand(), true)); $_SESSION[' PMA_token '] = md5(uniqid(rand(), true));
} }
/** /**

4
libraries/url_generating.lib.php
View File

@@ -64,7 +64,7 @@ function PMA_generate_common_hidden_inputs($db = '', $table = '', $indent = 0, $
$params['collation_connection'] = $GLOBALS['collation_connection']; $params['collation_connection'] = $GLOBALS['collation_connection'];
} }
$params['token'] = $_SESSION['PMA_token']; $params['token'] = $_SESSION[' PMA_token '];
if (! is_array($skip)) { if (! is_array($skip)) {
if (isset($params[$skip])) { if (isset($params[$skip])) {
@@ -182,7 +182,7 @@ function PMA_generate_common_url ($db = '', $table = '', $delim = '&')
$params['collation_connection'] = $GLOBALS['collation_connection']; $params['collation_connection'] = $GLOBALS['collation_connection'];
} }
$params['token'] = $_SESSION['PMA_token']; $params['token'] = $_SESSION[' PMA_token '];
$param_strings = array(); $param_strings = array();
foreach ($params as $key => $val) { foreach ($params as $key => $val) {