From 6eae88e65f39347e480cf67008f3d98f19f47248 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 20 May 2011 13:02:23 -0400 Subject: [PATCH 1/7] 3.3.10.1 --- Documentation.html | 4 ++-- README | 4 ++-- libraries/Config.class.php | 2 +- translators.html | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Documentation.html b/Documentation.html index 5b596c18b..779703762 100644 --- a/Documentation.html +++ b/Documentation.html @@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 - phpMyAdmin 3.3.10 - Documentation + phpMyAdmin 3.3.10.1 - Documentation @@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 diff --git a/README b/README index 00e24a8c0..3e821bfff 100644 --- a/README +++ b/README @@ -5,8 +5,8 @@ phpMyAdmin - Readme A set of PHP-scripts to manage MySQL over the web. - Version 3.3.10 - -------------- + Version 3.3.10.1 + ---------------- http://www.phpmyadmin.net/ Copyright (C) 1998-2000 Tobias Ratschiller diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 1a5521d6d..614cc2eee 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -92,7 +92,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.10'); + $this->set('PMA_VERSION', '3.3.10.1'); /** * @deprecated */ diff --git a/translators.html b/translators.html index 5882a084c..3238f6910 100644 --- a/translators.html +++ b/translators.html @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.10 - Official translators + phpMyAdmin 3.3.10.1 - Official translators @@ -19,7 +19,7 @@ From 6e6e129f26295c83d67b74e202628a4b8bc49e54 Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Wed, 29 Jun 2011 08:51:44 +0200 Subject: [PATCH 2/7] Fixed possible session corruption in swekey authentication --- ChangeLog | 3 +++ libraries/auth/swekey/swekey.auth.lib.php | 5 ++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f2075798b..f964eb094 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ +3.3.10.2 (not yet released) +- [security] Fixed possible session corruption in swekey authentication + 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php index 3dbad75d0..2a790c4d5 100644 --- a/libraries/auth/swekey/swekey.auth.lib.php +++ b/libraries/auth/swekey/swekey.auth.lib.php @@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go) } } -if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false) +if (!empty($_GET['session_to_unset'])) { - parse_str($_SERVER['QUERY_STRING']); session_write_close(); - session_id($session_to_unset); + session_id($_GET['session_to_unset']); session_start(); $_SESSION = array(); session_write_close(); From 2e01647949df937040e73a94ce0bac0daecbdcf4 Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Wed, 29 Jun 2011 13:02:00 +0200 Subject: [PATCH 3/7] Fixed possible code injection incase session variables are compromised --- ChangeLog | 1 + setup/lib/ConfigFile.class.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f964eb094..d0cbb1d51 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA 3.3.10.2 (not yet released) - [security] Fixed possible session corruption in swekey authentication +- [security] Fixed possible code injection incase session variables are compromised 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page diff --git a/setup/lib/ConfigFile.class.php b/setup/lib/ConfigFile.class.php index c0ff63daf..978eba33f 100644 --- a/setup/lib/ConfigFile.class.php +++ b/setup/lib/ConfigFile.class.php 
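Review bot: In the libraries/auth/swekey/swekey.auth.lib.php hunk (`@@ -263,11 +263,10 @@`), `$_GET['session_to_unset']` still reaches `session_id()` with no check on its type or characters. Dropping `parse_str()` removes the variable overwrite, but an array value or a string outside the session-id alphabet is still handed to the session handler. The visible lines also show no check that the caller owns the session being emptied, though one may exist outside the hunk. I would tighten the guard to `if (isset($_GET['session_to_unset']) && is_string($_GET['session_to_unset']) && preg_match('/^[A-Za-z0-9,-]+$/', $_GET['session_to_unset']))`. The block continues past the end of the hunk.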
@@ -286,7 +286,7 @@ class ConfigFile if ($this->getServerCount() > 0) { $ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf; foreach ($c['Servers'] as $id => $server) { - $ret .= '/* Server: ' . strtr($this->getServerName($id), '*/', '-') . " [$id] */" . $crlf + $ret .= '/* Server: ' . strtr($this->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf . '$i++;' . $crlf; foreach ($server as $k => $v) { $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k); From ca74f480f119a53ef07ca40d2ab28f063cc89ec9 Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Thu, 30 Jun 2011 09:59:43 +0200 Subject: [PATCH 4/7] Fixed regexp quoting issue in Synchronize code --- ChangeLog | 1 + libraries/server_synchronize.lib.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d0cbb1d51..a8a789820 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA 3.3.10.2 (not yet released) - [security] Fixed possible session corruption in swekey authentication - [security] Fixed possible code injection incase session variables are compromised +- [security] Fixed regexp quoting issue in Synchronize code. 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php index 79948b9e8..646ef2591 100644 --- a/libraries/server_synchronize.lib.php +++ b/libraries/server_synchronize.lib.php 
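Review bot: In the setup/lib/ConfigFile.class.php hunk, `strtr(..., '*/', '-')` reads as if it replaced the two-character sequence `*/`, but three-argument `strtr()` maps character by character and ignores the `/` that has no counterpart, so it really turns every `*` into `-`. That is enough to stop the server name and `$id` from closing the generated comment, but a later maintainer could easily "tidy" it into something weaker. A comment above the line would record the intent, for example `// strtr() maps '*' to '-' only ('/' has no counterpart); with no '*' left the value cannot end the comment`. The enclosing foreach and method start and end outside the hunk.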
@@ -624,7 +624,7 @@ function PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, &$uncomm $Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link); // Replace the src table name with a `dbname`.`tablename` - $Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/', + $Create_Table_Query = preg_replace('/' . preg_quote(PMA_backquote($uncommon_tables[$table_index]), '/') . '/', PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]), $Create_Query, $limit = 1 From 911a83393e5b7064084fd140889d0fb2f3166b99 Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Thu, 30 Jun 2011 12:34:16 +0200 Subject: [PATCH 5/7] Updated Changelog to add PMASA references --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a8a789820..73f036871 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,9 +6,9 @@ $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ 3.3.10.2 (not yet released) -- [security] Fixed possible session corruption in swekey authentication -- [security] Fixed possible code injection incase session variables are compromised -- [security] Fixed regexp quoting issue in Synchronize code. +- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 +- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 +- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page From 5ee357a572866e730d83f56d6187a67c7c48e523 Mon Sep 17 00:00:00 2001 
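Review bot: In the libraries/server_synchronize.lib.php hunk the pattern now goes through `preg_quote()`, but the replacement argument on the following line is still built from raw names, and `preg_replace()` interprets `$n` and `\n` sequences in a replacement as backreferences. A database or table name containing `$` or a backslash would therefore come out altered in the generated CREATE TABLE statement. Escaping the replacement closes that gap: `addcslashes(PMA_backquote($trg_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), '\\$')`. PMA_createTargetTables starts and ends outside the hunk.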
From: Herman van Rink Date: Thu, 30 Jun 2011 20:19:32 +0200 Subject: [PATCH 6/7] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 --- ChangeLog | 1 + libraries/display_tbl.lib.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 73f036871..72a94a3eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 +- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php index 7ef333d62..186ce3e56 100644 --- a/libraries/display_tbl.lib.php +++ b/libraries/display_tbl.lib.php @@ -1220,7 +1220,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) { if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) { if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) { - $include_file = $GLOBALS['mime_map'][$meta->name]['transformation']; + $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']); if (file_exists('./libraries/transformations/' . $include_file)) { $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']); From ab31a2565f494c69e6b0d9a82a2932c7656592b5 Mon Sep 17 00:00:00 2001 
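Review bot: In the libraries/display_tbl.lib.php hunk, `$include_file` is now filtered with `PMA_securePath()`, but the next visible line still derives `$transformfunction_name` from the raw `$GLOBALS['mime_map'][$meta->name]['transformation']` value. The filtered path and the function name can then disagree, and the unfiltered string stays in use; I would write `$transformfunction_name = str_replace('.inc.php', '', $include_file);`. `PMA_securePath()` is not shown here, so if it only strips `..` sequences, checking the name against something like `/^[A-Za-z0-9_]+\.inc\.php$/` before the `file_exists()` call would be a stronger guard. PMA_displayTableBody continues outside the hunk.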
From: Marc Delisle Date: Sat, 2 Jul 2011 20:39:57 -0400 Subject: [PATCH 7/7] 3.3.10.2 release --- ChangeLog | 2 +- Documentation.html | 4 ++-- README | 2 +- libraries/Config.class.php | 2 +- translators.html | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 72a94a3eb..3816fdcb7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ -3.3.10.2 (not yet released) +3.3.10.2 (2011-07-02) - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 diff --git a/Documentation.html b/Documentation.html index 779703762..89640a123 100644 --- a/Documentation.html +++ b/Documentation.html @@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 - phpMyAdmin 3.3.10.1 - Documentation + phpMyAdmin 3.3.10.2 - Documentation @@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 diff --git a/README b/README index 3e821bfff..5bce68c4c 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ phpMyAdmin - Readme A set of PHP-scripts to manage MySQL over the web. - Version 3.3.10.1 + Version 3.3.10.2 ---------------- http://www.phpmyadmin.net/ diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 614cc2eee..79a006b38 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -92,7 +92,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.10.1'); + $this->set('PMA_VERSION', '3.3.10.2'); /** * @deprecated */ diff --git a/translators.html b/translators.html index 3238f6910..5ca266987 100644 --- a/translators.html +++ b/translators.html @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.10.1 - Official translators + phpMyAdmin 3.3.10.2 - Official translators 
@@ -19,7 +19,7 @@