- fixed XSS in server_status.php, thanks to Omer Singer, The DigiTrust Group

- fixed some possible XSS with PHP_SELF (PATH_INFO)
Sebastian Mendel
2007-10-16 07:09:50 +00:00
parent bdd2250124
commit c32d999eb1
6 changed files with 33 additions and 17 deletions


@@ -139,6 +139,21 @@ foreach ($GLOBALS as $key => $dummy) {
}
}
/**
* PATH_INFO could be compromised if set, so remove it from PHP_SELF
* and provide a clean PHP_SELF here
*/
$PMA_PHP_SELF = PMA_getenv('PHP_SELF');
$_PATH_INFO = PMA_getenv('PATH_INFO');
if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
$path_info_pos = strrpos($PMA_PHP_SELF, $_PATH_INFO);
if ($path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)) {
$PMA_PHP_SELF = substr($PMA_PHP_SELF, 0, $path_info_pos);
}
}
$PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);
/**
* just to be sure there was no import (registering) before here
* we empty the global space
@@ -199,7 +214,7 @@ if (isset($_POST['usesubform'])) {
* track this
*/
if (isset($_POST['redirect'])
&& $_POST['redirect'] != basename(PMA_getenv('PHP_SELF'))) {
&& $_POST['redirect'] != basename($PMA_PHP_SELF)) {
$__redirect = $_POST['redirect'];
unset($_POST['redirect']);
}
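Review bot: In the first hunk the `strrpos` result is used without checking for `false`: when PATH_INFO does not occur in PHP_SELF at all, `false + strlen($_PATH_INFO)` evaluates to `strlen($_PATH_INFO)`, and if that happens to equal `strlen($PMA_PHP_SELF)` the following `substr($PMA_PHP_SELF, 0, false)` empties `$PMA_PHP_SELF`; the guard should read `if ($path_info_pos !== false && $path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)) {`. The closing `$PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);` relies on the default flags, which leave single quotes unescaped, so any later use of the value inside a single-quoted HTML attribute would still be injectable; `htmlspecialchars($PMA_PHP_SELF, ENT_QUOTES)` closes that gap. The second hunk now compares `$_POST['redirect']` against `basename()` of the already-escaped value, so a script name containing `&` or a quote would no longer match its raw form — presumably harmless for phpMyAdmin's own file names, but worth a one-line comment at the comparison. Both hunks are top-level code whose surroundings continue outside this view.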