nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'MAINT_2_11_10' into QA_2_11

Browse Source 
Conflicts:
	ChangeLog
	Documentation.html
	README
	libraries/Config.class.php
	translators.html
This commit is contained in:
Michal Čihař
2010-08-20 13:32:34 +02:00
parent 8ae41bbc02 b1cb5590ee
commit c1865ca7b8
14 changed files with 70 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -8,6 +8,11 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
2.11.11.0 (not yet released)
- [core] Fix broken cleanup of $_GET
2.11.10.1 (2010-08-20)
- [setup] Fixed output sanitizing in setup script, see PMASA-2010-4 for
more details.
- [core] Fixed various XSS issues, see PMASA-2010-5 for more details.
2.11.10.0 (2009-12-07)
- [core] safer handling of temporary files with open_basedir (thanks to Thijs
Kinkhorst)

2
db_sql.php
View File

@@ -36,7 +36,7 @@ if ($num_tables == 0 && empty($db_query_force)) {
/**
* Query box, bookmark, insert data from textfile
*/
PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
/**
* Displays the footer

10
error.php
View File

@@ -73,10 +73,14 @@ header('Content-Type: text/html; charset=' . $charset);
<body>
<h1>phpMyAdmin - <?php echo $type; ?></h1>
<p><?php
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
echo PMA_sanitize(stripslashes($_REQUEST['error']));
if (!empty($_REQUEST['error'])) {
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
echo PMA_sanitize(stripslashes($_REQUEST['error']));
} else {
echo PMA_sanitize($_REQUEST['error']);
}
} else {
echo PMA_sanitize($_REQUEST['error']);
echo 'No error message!';
}
?></p>
</body>

9
libraries/common.lib.php
View File

@@ -473,7 +473,7 @@ function PMA_mysqlDie($error_message = '', $the_query = '',
$formatted_sql = '';
} else {
if (strlen($the_query) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) {
$formatted_sql = substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) . '[...]';
$formatted_sql = htmlspecialchars(substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL'])) . '[...]';
} else {
$formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query);
}
@@ -622,22 +622,23 @@ function PMA_convert_using($string, $mode='unquoted', $force_utf8 = false)
function PMA_sendHeaderLocation($uri)
{
if (PMA_IS_IIS && strlen($uri) > 600) {
require_once './libraries/js_escape.lib.php';
echo '<html><head><title>- - -</title>' . "\n";
echo '<meta http-equiv="expires" content="0">' . "\n";
echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
echo '<meta http-equiv="Refresh" content="0;url=' .$uri . '">' . "\n";
echo '<meta http-equiv="Refresh" content="0;url=' . htmlspecialchars($uri) . '">' . "\n";
echo '<script type="text/javascript">' . "\n";
echo '//<![CDATA[' . "\n";
echo 'setTimeout("window.location = unescape(\'"' . $uri . '"\')", 2000);' . "\n";
echo 'setTimeout("window.location = unescape(\'"' . PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
echo '//]]>' . "\n";
echo '</script>' . "\n";
echo '</head>' . "\n";
echo '<body>' . "\n";
echo '<script type="text/javascript">' . "\n";
echo '//<![CDATA[' . "\n";
echo 'document.write(\'<p><a href="' . $uri . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n";
echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n";
echo '//]]>' . "\n";
echo '</script></body></html>' . "\n";

4
libraries/database_interface.lib.php
View File

@@ -208,6 +208,10 @@ function PMA_usort_comparison_callback($a, $b)
} else {
$sorter = 'strcasecmp';
}
/* No sorting when key is not present */
if (!isset($a[$GLOBALS['callback_sort_by']]) || ! isset($b[$GLOBALS['callback_sort_by']])) {
return 0;
}
// produces f.e.:
// return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
return ($GLOBALS['callback_sort_order'] == 'ASC' ? 1 : -1) * $sorter($a[$GLOBALS['callback_sort_by']], $b[$GLOBALS['callback_sort_by']]);

2
libraries/dbi/mysql.dbi.lib.php
View File

@@ -300,6 +300,8 @@ function PMA_DBI_getError($link = null)
$error_message = PMA_DBI_convert_message($error_message);
}
$error_message = htmlspecialchars($error_message);
// Some errors messages cannot be obtained by mysql_error()
if ($error_number == 2002) {
$error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];

2
libraries/dbi/mysqli.dbi.lib.php
View File

@@ -417,6 +417,8 @@ function PMA_DBI_getError($link = null)
$error_message = PMA_DBI_convert_message($error_message);
}
$error_message = htmlspecialchars($error_message);
if ($error_number == 2002) {
$error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
} elseif (defined('PMA_MYSQL_INT_VERSION') && PMA_MYSQL_INT_VERSION >= 40100) {

17
libraries/sanitizing.lib.php
View File

@@ -7,17 +7,26 @@
/**
* Sanitizes $message, taking into account our special codes
* for formatting
* for formatting.
*
* If you want to include result in element attribute, you should escape it.
*
* Examples:
*
* <p><?php echo PMA_sanitize($foo); ?></p>
*
* <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
*
* @uses preg_replace()
* @uses strtr()
* @param string the message
* @param boolean whether to escape html in result
*
* @return string the sanitized message
*
* @access public
*/
function PMA_sanitize($message)
function PMA_sanitize($message, $escape = false)
{
$replace_pairs = array(
'<' => '&lt;',
@@ -65,6 +74,10 @@ function PMA_sanitize($message)
$message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
}
if ($escape) {
$message = htmlspecialchars($message);
}
return $message;
}
?>

2
libraries/sqlparser.lib.php
View File

@@ -2425,7 +2425,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
}
$after .= "\n";
*/
$str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
$str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
} // end for
if ($mode=='color') {
$str .= '</span>';

1
scripts/setup.php
View File

@@ -518,6 +518,7 @@ function get_cfg_val($name, $val) {
}
}
if ($type == 'string') {
$k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
$ret .= get_cfg_val($name . "['$k']", $v);
} elseif ($type == 'int') {
$ret .= ' ' . PMA_var_export($v) . ',' . $crlf;

6
server_databases.php
View File

@@ -287,11 +287,11 @@ if ($databases_count > 0) {
unset($column_order, $stat_name, $stat, $databases, $table_columns);
if ($is_superuser || $cfg['AllowUserDropDatabase']) {
$common_url_query = PMA_generate_common_url() . '&amp;sort_by=' . $sort_by . '&amp;sort_order=' . $sort_order . '&amp;dbstats=' . $dbstats;
$common_url_query = PMA_generate_common_url(array('sort_by' => $sort_by, 'sort_order' => $sort_order, 'dbstats' => $dbstats));
echo '<img class="selectallarrow" src="' . $pmaThemeImage . 'arrow_' . $text_dir . '.png" width="38" height="22" alt="' . $strWithChecked . '" />' . "\n"
. '<a href="./server_databases.php?' . $common_url_query . '&amp;checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
. '<a href="./server_databases.php' . $common_url_query . '&amp;checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
. ' ' . $strCheckAll . '</a> / ' . "\n"
. '<a href="./server_databases.php?' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
. '<a href="./server_databases.php' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
. ' ' . $strUncheckAll . '</a>' . "\n"
. '<i>' . $strWithChecked . '</i>' . "\n";
PMA_buttonOrImage('drop_selected_dbs', 'mult_submit', 'drop_selected_dbs', $strDrop, 'b_deltbl.png');

32
server_privileges.php
View File

@@ -602,7 +602,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0) {
. $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
. $spaces . ' </select>' . "\n"
. $spaces . '</span>' . "\n"
. $spaces . '<input type="text" name="username" maxlength="' . $username_length . '" title="' . $GLOBALS['strUserName'] . '"' . (empty($GLOBALS['username']) ? '' : ' value="' . (isset($GLOBALS['new_username']) ? $GLOBALS['new_username'] : $GLOBALS['username']) . '"') . ' onchange="pred_username.value = \'userdefined\';" />' . "\n"
. $spaces . '<input type="text" name="username" maxlength="' . $username_length . '" title="' . $GLOBALS['strUserName'] . '"' . (empty($GLOBALS['username']) ? '' : ' value="' . htmlspecialchars(isset($GLOBALS['new_username']) ? $GLOBALS['new_username'] : $GLOBALS['username']) . '"') . ' onchange="pred_username.value = \'userdefined\';" />' . "\n"
. $spaces . '</div>' . "\n"
. $spaces . '<div class="item">' . "\n"
. $spaces . '<label for="select_pred_hostname">' . "\n"
@@ -650,7 +650,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0) {
. $spaces . ' <option value="userdefined"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
. $spaces . ' </select>' . "\n"
. $spaces . '</span>' . "\n"
. $spaces . '<input type="text" name="hostname" maxlength="' . $hostname_length . '" value="' . (isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '') . '" title="' . $GLOBALS['strHost'] . '" onchange="pred_hostname.value = \'userdefined\';" />' . "\n"
. $spaces . '<input type="text" name="hostname" maxlength="' . $hostname_length . '" value="' . htmlspecialchars(isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '') . '" title="' . $GLOBALS['strHost'] . '" onchange="pred_hostname.value = \'userdefined\';" />' . "\n"
. $spaces . '</div>' . "\n"
. $spaces . '<div class="item">' . "\n"
. $spaces . '<label for="select_pred_password">' . "\n"
@@ -757,14 +757,14 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
if (PMA_DBI_num_rows($res) == 1) {
PMA_DBI_free_result($res);
$message = sprintf($GLOBALS['strUserAlreadyExists'], '[i]\'' . $username . '\'@\'' . $hostname . '\'[/i]');
$message = sprintf($GLOBALS['strUserAlreadyExists'], '[i]\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'[/i]');
$adduser = 1;
} else {
PMA_DBI_free_result($res);
if (50002 <= PMA_MYSQL_INT_VERSION) {
// MySQL 5 requires CREATE USER before any GRANT on this user can done
$create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
$create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . htmlspecialchars($hostname) . '\'';
}
$real_sql_query =
@@ -1048,7 +1048,7 @@ if (!empty($update_privs)) {
$sql_query = (isset($sql_query0) ? $sql_query0 . ' ' : '')
. (isset($sql_query1) ? $sql_query1 . ' ' : '')
. $sql_query2;
$message = sprintf($GLOBALS['strUpdatePrivMessage'], '\'' . $username . '\'@\'' . $hostname . '\'');
$message = sprintf($GLOBALS['strUpdatePrivMessage'], '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
}
@@ -1080,7 +1080,7 @@ if (!empty($revokeall)) {
unset($sql_query1);
}
$sql_query = $sql_query0 . (isset($sql_query1) ? ' ' . $sql_query1 : '');
$message = sprintf($GLOBALS['strRevokeMessage'], '\'' . $username . '\'@\'' . $hostname . '\'');
$message = sprintf($GLOBALS['strRevokeMessage'], '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
if (! isset($tablename) || ! strlen($tablename)) {
unset($dbname);
} else {
@@ -1115,7 +1115,7 @@ if (!empty($change_pw)) {
$sql_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');
$local_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
$message = sprintf($GLOBALS['strPasswordChanged'], '\'' . $username . '\'@\'' . $hostname . '\'');
$message = sprintf($GLOBALS['strPasswordChanged'], '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
}
}
@@ -1588,17 +1588,17 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
echo '<h2>' . "\n"
. ($GLOBALS['cfg']['PropertiesIconic'] ? '<img class="icon" src="' . $pmaThemeImage . 'b_usredit.png" width="16" height="16" alt="" />' : '')
. $GLOBALS['strUser'] . ' <i><a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;username=' . urlencode($username) . '&amp;hostname=' . urlencode($hostname) . '">\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'</a></i>' . "\n";
. $GLOBALS['strUser'] . ' <i><a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;username=' . htmlspecialchars(urlencode($username)) . '&amp;hostname=' . htmlspecialchars(urlencode($hostname)) . '">\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'</a></i>' . "\n";
if (isset($dbname) && strlen($dbname)) {
if ($dbname_is_wildcard) {
echo ' - ' . $GLOBALS['strDatabases'];
} else {
echo ' - ' . $GLOBALS['strDatabase'];
}
$url_dbname = urlencode(str_replace('\_', '_', $dbname));
$url_dbname = htmlspecialchars(urlencode(str_replace('\_', '_', $dbname)));
echo ' <i><a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;reload=1">' . htmlspecialchars($dbname) . '</a></i>' . "\n";
if (isset($tablename) && strlen($tablename)) {
echo ' - ' . $GLOBALS['strTable'] . ' <i><a href="' . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;table=' . urlencode($tablename) . '&amp;reload=1">' . htmlspecialchars($tablename) . '</a></i>' . "\n";
echo ' - ' . $GLOBALS['strTable'] . ' <i><a href="' . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;table=' . htmlspecialchars(urlencode($tablename)) . '&amp;reload=1">' . htmlspecialchars($tablename) . '</a></i>' . "\n";
}
unset($url_dbname);
}
@@ -1839,16 +1839,16 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
}
echo '</td>' . "\n"
. ' <td>';
printf($link_edit, urlencode($username),
urlencode($hostname),
urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname),
printf($link_edit, htmlspecialchars(urlencode($username)),
htmlspecialchars(urlencode($hostname)),
htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
echo '</td>' . "\n"
. ' <td>';
if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
printf($link_revoke, urlencode($username),
urlencode($hostname),
urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname),
printf($link_revoke, htmlspecialchars(urlencode($username)),
htmlspecialchars(urlencode($hostname)),
htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
}
echo '</td>' . "\n"

14
sql.php
View File

@@ -175,14 +175,14 @@ if ($do_confirm) {
.PMA_generate_common_hidden_inputs($db, $table);
?>
<input type="hidden" name="sql_query" value="<?php echo htmlspecialchars($sql_query); ?>" />
<input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" />
<input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows, true) : ''; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" />
<input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" />
<input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" />
<input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge) : ''; ?>" />
<input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey) : ''; ?>" />
<input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query) : ''; ?>" />
<input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back, true) : ''; ?>" />
<input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload, true) : 0; ?>" />
<input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge, true) : ''; ?>" />
<input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge, true) : ''; ?>" />
<input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey, true) : ''; ?>" />
<input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query, true) : ''; ?>" />
<?php
echo '<fieldset class="confirmation">' . "\n"
.' <legend>' . $strDoYouReally . '</legend>'

2
tbl_sql.php
View File

@@ -37,7 +37,7 @@ require_once './libraries/tbl_links.inc.php';
/**
* Query box, bookmark, insert data from textfile
*/
PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
/**
* Displays the footer