From 1e7bc7d691fa8abcdde87a70ed6cef6f30cbe107 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 20 Aug 2010 12:59:21 -0400 Subject: [PATCH 1/4] 3.3.6-rc1 --- Documentation.html | 4 ++-- README | 2 +- libraries/Config.class.php | 2 +- translators.html | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Documentation.html b/Documentation.html index bfe5bb7e3..3ef61da61 100644 --- a/Documentation.html +++ b/Documentation.html @@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 - phpMyAdmin 3.3.6-dev - Documentation + phpMyAdmin 3.3.6-rc1 - Documentation @@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 diff --git a/README b/README index 8be673ecd..141934b92 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ phpMyAdmin - Readme A set of PHP-scripts to manage MySQL over the web. - Version 3.3.6-dev + Version 3.3.6-rc1 ----------------- http://www.phpmyadmin.net/ diff --git a/libraries/Config.class.php b/libraries/Config.class.php index a6b1d8c2c..2dab78ded 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -92,7 +92,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.6-dev'); + $this->set('PMA_VERSION', '3.3.6-rc1'); /** * @deprecated */ diff --git a/translators.html b/translators.html index d78b68bc4..f4d3a4bab 100644 --- a/translators.html +++ b/translators.html @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.6-dev - Official translators + phpMyAdmin 3.3.6-rc1 - Official translators @@ -19,7 +19,7 @@ From 9036ac09e3b5a835550ef62ebb1e1ba202728710 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 20 Aug 2010 13:03:13 -0400 Subject: [PATCH 2/4] 3.3.7-dev --- ChangeLog | 2 ++ Documentation.html | 4 ++-- README | 2 +- libraries/Config.class.php | 2 +- translators.html | 4 ++-- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 81670e91e..a21d0fd5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ +3.3.7.0 (not yet released) + 3.3.6.0 (not yet released) - bug #3033063 [core] Navi gets wrong db name - bug #3031705 [core] Fix generating condition for real numbers by comparing diff --git a/Documentation.html b/Documentation.html index bfe5bb7e3..95e940fed 100644 --- a/Documentation.html +++ b/Documentation.html @@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 - phpMyAdmin 3.3.6-dev - Documentation + phpMyAdmin 3.3.7-dev - Documentation @@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78 diff --git a/README b/README index 8be673ecd..bdcdd66aa 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ phpMyAdmin - Readme A set of PHP-scripts to manage MySQL over the web. - Version 3.3.6-dev + Version 3.3.7-dev ----------------- http://www.phpmyadmin.net/ diff --git a/libraries/Config.class.php b/libraries/Config.class.php index a6b1d8c2c..6ac9acab0 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -92,7 +92,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.6-dev'); + $this->set('PMA_VERSION', '3.3.7-dev'); /** * @deprecated */ diff --git a/translators.html b/translators.html index d78b68bc4..707b400e3 100644 --- a/translators.html +++ b/translators.html @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.6-dev - Official translators + phpMyAdmin 3.3.7-dev - Official translators @@ -19,7 +19,7 @@ From a24e418527283936f09483e8cfcf8902c7409cbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Mon, 23 Aug 2010 17:02:15 +0200 Subject: [PATCH 3/4] Avoid PHP error when false is passed to PMA_DBI_getError. This can be caused by controllink set to false. --- libraries/dbi/mysql.dbi.lib.php | 6 ++++++ libraries/dbi/mysqli.dbi.lib.php | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/libraries/dbi/mysql.dbi.lib.php b/libraries/dbi/mysql.dbi.lib.php index 4750ee225..bf1611450 100644 --- a/libraries/dbi/mysql.dbi.lib.php +++ b/libraries/dbi/mysql.dbi.lib.php @@ -321,6 +321,12 @@ function PMA_DBI_get_client_info() function PMA_DBI_getError($link = null) { $GLOBALS['errno'] = 0; + + /* Treat false same as null because of controllink */ + if ($link === false) { + $link = null; + } + if (null === $link && isset($GLOBALS['userlink'])) { $link =& $GLOBALS['userlink']; diff --git a/libraries/dbi/mysqli.dbi.lib.php b/libraries/dbi/mysqli.dbi.lib.php index 9672385df..2c00bcdbc 100644 --- a/libraries/dbi/mysqli.dbi.lib.php +++ b/libraries/dbi/mysqli.dbi.lib.php @@ -379,6 +379,11 @@ function PMA_DBI_getError($link = null) { $GLOBALS['errno'] = 0; + /* Treat false same as null because of controllink */ + if ($link === false) { + $link = null; + } + if (null === $link && isset($GLOBALS['userlink'])) { $link =& $GLOBALS['userlink']; // Do not stop now. We still can get the error code From 133a77fac7d31a38703db2099a90c1b49de62e37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Mon, 23 Aug 2010 17:05:53 +0200 Subject: [PATCH 4/4] Escape backtrace listing to avoid possible XSS on this. --- libraries/Error.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/Error.class.php b/libraries/Error.class.php index 849287e43..9f0ae9a2c 100644 --- a/libraries/Error.class.php +++ b/libraries/Error.class.php @@ -319,7 +319,7 @@ class PMA_Error extends PMA_Message if (in_array($function, $include_functions)) { echo PMA_Error::relPath($arg); } elseif (is_scalar($arg)) { - echo gettype($arg) . ' ' . $arg; + echo gettype($arg) . ' ' . htmlspecialchars($arg); } else { echo gettype($arg); }