[security] Redirect external links to avoid Referer leakage.

This commit is contained in:
Michal Čihař
2011-01-28 13:13:22 +01:00
parent 87b0c30747
commit dc0c6938b2
15 changed files with 60 additions and 31 deletions


@@ -131,6 +131,7 @@
- [export] Better handling of export to PHP array. - [export] Better handling of export to PHP array.
- rfe #3158867 [privileges] No DROP DATABASE warning if you delete a user - rfe #3158867 [privileges] No DROP DATABASE warning if you delete a user
- [interface] Add link to documentation for status variables. - [interface] Add link to documentation for status variables.
- [security] Redirect external links to avoid Referer leakage.
3.3.10.0 (not yet released) 3.3.10.0 (not yet released)
- patch #3147400 [structure] Aria table size printed as unknown, - patch #3147400 [structure] Aria table size printed as unknown,


@@ -702,7 +702,11 @@ class PMA_Message
} }
} }
$message = preg_replace($pattern, '<a href="\1" target="\2">', $message); if (substr($found[1], 0, 4) == 'http') {
$message = preg_replace($pattern, '<a href="./url.php?url=\1" target="\2">', $message);
} else {
$message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
}
} }
return $message; return $message;
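Review bot: The `substr($found[1], 0, 4) == 'http'` prefix test is looser than the `^https?://` pattern this same commit uses in PMA_lang_link_replace, so any href that merely begins with "http" (a relative `httpd-docs.html`, say) is routed through url.php, which rejects it and bounces the user to PmaAbsoluteUri; `if (preg_match('#^https?://#', $found[1])) {` keeps the two call sites consistent. The captured URL is also substituted raw into the `url` query parameter, so a `&` in the target (or an `&amp;` in an HTML-escaped link, which the `str_replace('&amp;', …)` in PMA_lang_link_replace shows does occur) is split off by PHP's query parser and the redirector receives a truncated address. The same unencoded concatenation appears in PMA_BS_getURL, PMA_showMySQLDocu, FormDisplay and PMA_lang_link_replace in this commit; where the target is a variable, wrap it with `urlencode()`, while here the backreference would need a `preg_replace_callback` to encode. The enclosing PMA_Message method starts and ends outside the hunk.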


@@ -192,7 +192,7 @@ if (top != self) {
?> ?>
<div class="container"> <div class="container">
<a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php <a href="./url.php?url=http://www.phpmyadmin.net" target="_blank" class="logo"><?php
$logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png';
if (@file_exists($logo_image)) { if (@file_exists($logo_image)) {
echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />'; echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />';


@@ -231,7 +231,7 @@ function Swekey_login($input_name, $input_go)
?> ?>
function open_swekey_site() function open_swekey_site()
{ {
window.open("http://phpmyadmin.net/auth_key"); window.open("./url.php?url=http://phpmyadmin.net/auth_key");
} }
var input_username = document.getElementById("<?php echo $input_name; ?>"); var input_username = document.getElementById("<?php echo $input_name; ?>");


@@ -31,7 +31,7 @@ function initPBMSDatabase()
$query = "select * from $target.pbms_metadata_header"; // If it exists this table will not contain much $query = "select * from $target.pbms_metadata_header"; // If it exists this table will not contain much
} }
} }
$result = PMA_DBI_query($query ); $result = PMA_DBI_query($query );
if (! $result) { if (! $result) {
return FALSE; return FALSE;
@@ -106,7 +106,7 @@ function checkBLOBStreamingPlugins()
} }
unset($existing_plugins, $one_existing_plugin); unset($existing_plugins, $one_existing_plugin);
} }
// set variable indicating BS plugin existence // set variable indicating BS plugin existence
$PMA_Config->set('BLOBSTREAMING_PLUGINS_EXIST', $has_blobstreaming); $PMA_Config->set('BLOBSTREAMING_PLUGINS_EXIST', $has_blobstreaming);
@@ -296,7 +296,7 @@ function PMA_BS_IsPBMSReference($bs_reference, $db_name)
if (PMA_do_connect($db_name, FALSE) == FALSE) { if (PMA_do_connect($db_name, FALSE) == FALSE) {
return FALSE; return FALSE;
} }
$ok = pbms_is_blob_reference($bs_reference); $ok = pbms_is_blob_reference($bs_reference);
return $ok ; return $ok ;
} }
@@ -391,8 +391,8 @@ function PMA_BS_IsTablePBMSEnabled($db_name, $tbl_name, $tbl_type)
} }
// This information should be cached rather than selecting it each time. // This information should be cached rather than selecting it each time.
//$query = "SELECT count(*) FROM information_schema.TABLES T, pbms.pbms_enabled E where T.table_schema = ". PMA_backquote($db_name) . " and T.table_name = ". PMA_backquote($tbl_name) . " and T.engine = E.name"; //$query = "SELECT count(*) FROM information_schema.TABLES T, pbms.pbms_enabled E where T.table_schema = ". PMA_backquote($db_name) . " and T.table_name = ". PMA_backquote($tbl_name) . " and T.engine = E.name";
$query = "SELECT count(*) FROM pbms.pbms_enabled E where E.name = '" . PMA_sqlAddslashes($tbl_type) . "'"; $query = "SELECT count(*) FROM pbms.pbms_enabled E where E.name = '" . PMA_sqlAddslashes($tbl_type) . "'";
$result = PMA_DBI_query($query); $result = PMA_DBI_query($query);
$data = PMA_DBI_fetch_row($result); $data = PMA_DBI_fetch_row($result);
@@ -497,7 +497,7 @@ function PMA_BS_getURL($reference)
return FALSE; return FALSE;
} }
$bs_url = 'http://' . $bs_server . '/' . rtrim($reference); $bs_url = './url.php?url=http://' . $bs_server . '/' . rtrim($reference);
return $bs_url; return $bs_url;
} }


@@ -476,7 +476,9 @@ if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['
/* for playing blobstreamable media */ /* for playing blobstreamable media */
'media_type', 'custom_type', 'bs_reference', 'media_type', 'custom_type', 'bs_reference',
/* for changing BLOB repository file MIME type */ /* for changing BLOB repository file MIME type */
'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type' 'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
/* URL redirector */
'url'
); );
/** /**
* Require cleanup functions * Require cleanup functions
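Review bot: Adding `'url'` to this array appears to whitelist it as a request parameter for every script that includes common.inc.php, not just for url.php (url.php reads `$GLOBALS['url']` after `PMA_checkParameters(array('url'))`, which suggests this is the list copied from the request into globals). If so, every page now gains a `$url` global populated from the query string, which widens the change beyond the redirector. Consider having url.php read `$_GET['url']` directly after the include and leaving this list untouched, with a comment on the entry stating which script consumes it if it must stay. The array literal starts before the hunk.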


@@ -419,13 +419,13 @@ function PMA_showMySQLDocu($chapter, $link, $big_icon = false, $anchor = '', $ju
} }
if ($just_open) { if ($just_open) {
return '<a href="' . $url . '" target="mysql_doc">'; return '<a href="./url.php?url=' . $url . '" target="mysql_doc">';
} elseif ($big_icon) { } elseif ($big_icon) {
return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16" height="16" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>'; return '<a href="./url.php?url=' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16" height="16" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>';
} elseif ($GLOBALS['cfg']['ReplaceHelpImg']) { } elseif ($GLOBALS['cfg']['ReplaceHelpImg']) {
return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>'; return '<a href="./url.php?url=' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>';
} else { } else {
return '[<a href="' . $url . '" target="mysql_doc">' . __('Documentation') . '</a>]'; return '[<a href="./url.php?url=' . $url . '" target="mysql_doc">' . __('Documentation') . '</a>]';
} }
} // end of the 'PMA_showMySQLDocu()' function } // end of the 'PMA_showMySQLDocu()' function
@@ -2425,7 +2425,7 @@ function PMA_getDbLink($database = null)
function PMA_externalBug($functionality, $component, $minimum_version, $bugref) function PMA_externalBug($functionality, $component, $minimum_version, $bugref)
{ {
if ($component == 'mysql' && PMA_MYSQL_INT_VERSION < $minimum_version) { if ($component == 'mysql' && PMA_MYSQL_INT_VERSION < $minimum_version) {
echo PMA_showHint(sprintf(__('The %s functionality is affected by a known bug, see %s'), $functionality, 'http://bugs.mysql.com/' . $bugref)); echo PMA_showHint(sprintf(__('The %s functionality is affected by a known bug, see %s'), $functionality, './url.php?url=http://bugs.mysql.com/' . $bugref));
} }
} }
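Review bot: In PMA_externalBug the rewritten value is the `%s` that the message prints after "see", so if PMA_showHint renders its text rather than linking it, the user now reads `./url.php?url=http://bugs.mysql.com/<bugref>` instead of the bug address, which is neither recognisable nor usable outside this page. Keep the human-readable URL as the visible text and apply the redirector only to an anchor's href, e.g. `'<a href="./url.php?url=http://bugs.mysql.com/' . $bugref . '">http://bugs.mysql.com/' . $bugref . '</a>'`, provided PMA_showHint accepts markup; otherwise leave the text URL as it was. `$bugref` is also concatenated into the query parameter unencoded.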


@@ -681,7 +681,7 @@ class FormDisplay
if ($test == 'Export') { if ($test == 'Export') {
$opt_name = substr($opt_name, 7); $opt_name = substr($opt_name, 7);
} }
return 'http://wiki.phpmyadmin.net/pma/Config#' . $opt_name; return './url.php?url=http://wiki.phpmyadmin.net/pma/Config#' . $opt_name;
} }
/** /**
@@ -774,4 +774,4 @@ class FormDisplay
} }
} }
} }
?> ?>
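Review bot: The `'#' . $opt_name` fragment now sits inside the `url` query parameter, and browsers do not send the fragment to the server, so url.php receives only `http://wiki.phpmyadmin.net/pma/Config` and the anchor survives only where the browser re-applies the fragment to the Location target; `return './url.php?url=' . urlencode('http://wiki.phpmyadmin.net/pma/Config#' . $opt_name);` makes the fragment part of the parameter so the redirect carries it. The `#pma_…` link in themes.php has the same problem. This class also seems to be reachable from the setup script, for which the PMA_lang_link_replace hunk in this commit deliberately emits `../url.php` under PMA_SETUP, so a fixed `./url.php` here would resolve relative to setup/ in that case — worth confirming which scripts load FormDisplay.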


@@ -91,10 +91,14 @@ function PMA_lang_link_replace($link, $text)
$separator = PMA_get_arg_separator('html'); $separator = PMA_get_arg_separator('html');
} }
if (!preg_match('#^http://#', $link)) { if (!preg_match('#^https?://#', $link)) {
$link = str_replace('&amp;', $separator, $link); $link = str_replace('&amp;', $separator, $link);
} elseif (defined('PMA_SETUP')) {
$link = '../url.php?url=' . $link;
} else {
$link = './url.php?url=' . $link;
} }
return '<a href="' . $link . '">' . $text . '</a>'; return '<a href="' . $link . '">' . $text . '</a>';
} }
?> ?>


@@ -235,7 +235,7 @@ if(isset($_GET['sql_query'])) {
} }
$message = new PMA_Message(__('This value is interpreted using %1$sstrftime%2$s, so you can use time formatting strings. Additionally the following transformations will happen: %3$s. Other text will be kept as is. See the %4$sFAQ%5$s for details.')); $message = new PMA_Message(__('This value is interpreted using %1$sstrftime%2$s, so you can use time formatting strings. Additionally the following transformations will happen: %3$s. Other text will be kept as is. See the %4$sFAQ%5$s for details.'));
$message->addParam('<a href="http://php.net/strftime" target="documentation" title="' $message->addParam('<a href="./url.php?url=http://php.net/strftime" target="documentation" title="'
. __('Documentation') . '">', false); . __('Documentation') . '">', false);
$message->addParam('</a>', false); $message->addParam('</a>', false);
$message->addParam($trans); $message->addParam($trans);


@@ -91,15 +91,15 @@ class PMA_StorageEngine_pbms extends PMA_StorageEngine
function getPageDocumentation() function getPageDocumentation()
{ {
$output = '<p> Documentation and further information about PBMS can be found on ' . "\n" $output = '<p> Documentation and further information about PBMS can be found on ' . "\n"
. '<a href="http://www.blobstreaming.org/" target="_blank">The PrimeBase Media Streaming home page</a>.<br><br>' . "\n" . '<a href="./url.php?url=http://www.blobstreaming.org/" target="_blank">The PrimeBase Media Streaming home page</a>.<br><br>' . "\n"
. '<table id="PBMS_Related_Links" >' . "\n" . '<table id="PBMS_Related_Links" >' . "\n"
. '<tr>' . "\n" . '<tr>' . "\n"
. '<td>' . "\n" . '<td>' . "\n"
. '<p>' . "\n" . '<p>' . "\n"
. '<strong><font size="2"><b>Related Links</b></font></strong>' . "\n" . '<strong><font size="2"><b>Related Links</b></font></strong>' . "\n"
. '<br>' . "\n" . '<br>' . "\n"
. '<a href="http://bpbdev.blogspot.com/" target="_blank">The PrimeBase Media Streaming Blog by Barry Leslie</a><br><br>' . "\n" . '<a href="./url.php?url=http://bpbdev.blogspot.com/" target="_blank">The PrimeBase Media Streaming Blog by Barry Leslie</a><br><br>' . "\n"
. '<a href="http://www.primebase.com/xt" target="_blank">PrimeBase XT Home Page</a><br><br>' . "\n" . '<a href="./url.php?url=http://www.primebase.com/xt" target="_blank">PrimeBase XT Home Page</a><br><br>' . "\n"
. '</font>' . "\n" . '</font>' . "\n"
. '</td>' . "\n" . '</td>' . "\n"
. '</tr>' . "\n" . '</tr>' . "\n"


@@ -122,15 +122,15 @@ class PMA_StorageEngine_pbxt extends PMA_StorageEngine
function getPageDocumentation() function getPageDocumentation()
{ {
$output = '<p> Documentation and further information about PBXT can be found on the ' . "\n" $output = '<p> Documentation and further information about PBXT can be found on the ' . "\n"
. '<a href="http://www.primebase.com/xt/" target="_blank">PrimeBase XT Home Page</a>.<br><br>' . "\n" . '<a href="./url.php?url=http://www.primebase.com/xt/" target="_blank">PrimeBase XT Home Page</a>.<br><br>' . "\n"
. '<table id="PBMS_Related_Links" >' . "\n" . '<table id="PBMS_Related_Links" >' . "\n"
. '<tr>' . "\n" . '<tr>' . "\n"
. '<td>' . "\n" . '<td>' . "\n"
. '<p>' . "\n" . '<p>' . "\n"
. '<strong><font size="2"><b>Related Links</b></font></strong>' . "\n" . '<strong><font size="2"><b>Related Links</b></font></strong>' . "\n"
. '<br>' . "\n" . '<br>' . "\n"
. '<a href="http://pbxt.blogspot.com/" target="_blank">The PrimeBase XT Blog by Paul McCullagh</a><br><br>' . "\n" . '<a href="./url.php?url=http://pbxt.blogspot.com/" target="_blank">The PrimeBase XT Blog by Paul McCullagh</a><br><br>' . "\n"
. '<a href="http://www.blobstreaming.org/" target="_blank">The PrimeBase Media Streaming (PBMS) home page</a>.<br><br>' . "\n" . '<a href="./url.php?url=http://www.blobstreaming.org/" target="_blank">The PrimeBase Media Streaming (PBMS) home page</a>.<br><br>' . "\n"
. '</font>' . "\n" . '</font>' . "\n"
. '</td>' . "\n" . '</td>' . "\n"
. '</tr>' . "\n" . '</tr>' . "\n"


@@ -210,16 +210,16 @@ echo '<h2>phpMyAdmin</h2>';
echo '<ul>'; echo '<ul>';
PMA_printListItem(__('Version information') . ': ' . PMA_VERSION, 'li_pma_version'); PMA_printListItem(__('Version information') . ': ' . PMA_VERSION, 'li_pma_version');
PMA_printListItem(__('Documentation'), 'li_pma_docs', 'Documentation.html', null, '_blank'); PMA_printListItem(__('Documentation'), 'li_pma_docs', 'Documentation.html', null, '_blank');
PMA_printListItem(__('Wiki'), 'li_pma_wiki', 'http://wiki.phpmyadmin.net', null, '_blank'); PMA_printListItem(__('Wiki'), 'li_pma_wiki', './url.php?url=http://wiki.phpmyadmin.net', null, '_blank');
// does not work if no target specified, don't know why // does not work if no target specified, don't know why
PMA_printListItem(__('Official Homepage'), 'li_pma_homepage', 'http://www.phpMyAdmin.net/', null, '_blank'); PMA_printListItem(__('Official Homepage'), 'li_pma_homepage', './url.php?url=http://www.phpMyAdmin.net/', null, '_blank');
?> ?>
<li><bdo xml:lang="en" dir="ltr"> <li><bdo xml:lang="en" dir="ltr">
[<a href="changelog.php" target="_blank">ChangeLog</a>] [<a href="changelog.php" target="_blank">ChangeLog</a>]
[<a href="http://phpmyadmin.git.sourceforge.net/git/gitweb-index.cgi" [<a href="./url.php?url=http://phpmyadmin.git.sourceforge.net/git/gitweb-index.cgi"
target="_blank">Git</a>] target="_blank">Git</a>]
[<a href="http://sourceforge.net/mail/?group_id=23067" [<a href="./url.php?url=http://sourceforge.net/mail/?group_id=23067"
target="_blank"><?php echo __('Mailing lists'); ?></a>] target="_blank"><?php echo __('Mailing lists'); ?></a>]
</bdo> </bdo>
</li> </li>


@@ -38,7 +38,7 @@ function takeThis(what){
<body id="bodythemes"> <body id="bodythemes">
<h1>phpMyAdmin - <?php echo __('Theme / Style'); ?></h1> <h1>phpMyAdmin - <?php echo __('Theme / Style'); ?></h1>
<p><a href="http://www.phpmyadmin.net/home_page/themes.php#pma_<?php echo preg_replace('/([0-9]*)\.([0-9]*)\..*/', '\1_\2', PMA_VERSION); ?>"><?php echo __('Get more themes!'); ?></a></p> <p><a href="./url.php?url=http://www.phpmyadmin.net/home_page/themes.php#pma_<?php echo preg_replace('/([0-9]*)\.([0-9]*)\..*/', '\1_\2', PMA_VERSION); ?>"><?php echo __('Get more themes!'); ?></a></p>
<?php <?php
$_SESSION['PMA_Theme_Manager']->printPreviews(); $_SESSION['PMA_Theme_Manager']->printPreviews();
?> ?>

18
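--- /dev/null
+++ b/url.php
@@ -0,0 +1,18 @@
+<?php
+/**
+* URL redirector to avoid leaking Referer with some sensitive information.
+*/
+/**
+* Gets core libraries and defines some variables
+*/
+require_once './libraries/common.inc.php';
+PMA_checkParameters(array('url'));
+if (! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) {
+header('Location: ' . $cfg['PmaAbsoluteUri']);
+} else {
+header('Location: ' . $GLOBALS['url']);
+}
+?>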
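Review bot: A `Location:` redirect does not remove the Referer this commit sets out to hide: browsers carry the originating page's Referer through 3xx hops, so the external site still receives the phpMyAdmin URL that contained the link, and only an intermediate HTML page (meta refresh or script) makes the destination see url.php's own address or nothing, as far as contemporary browser behaviour goes. The only validation is `^https?://[^\n\r]*$`, which blocks header injection but accepts any host, so url.php becomes an unrestricted redirector living under phpMyAdmin's trusted path; restrict it to the hosts the UI actually links to (the phpmyadmin.net sites, php.net, bugs.mysql.com, blobstreaming.org, primebase.com, the two blogspot blogs and sourceforge.net in this commit) and fall back to `PmaAbsoluteUri` for anything else. Each `header()` should also be followed by `exit` so nothing is emitted after the redirect. The sketch below keeps the existing `array()` style of the file.

```php
// … unchanged: require_once './libraries/common.inc.php' and PMA_checkParameters …
$url = $GLOBALS['url'];
// Hosts the interface links to; extend this when a new external link is added.
$allowed_hosts = array(
    'www.phpmyadmin.net', 'phpmyadmin.net', 'wiki.phpmyadmin.net',
    'php.net', 'bugs.mysql.com', 'www.blobstreaming.org', 'www.primebase.com',
    'bpbdev.blogspot.com', 'pbxt.blogspot.com',
    'phpmyadmin.git.sourceforge.net', 'sourceforge.net',
    /* … hosts used by PMA_showMySQLDocu … */
);
$host = parse_url($url, PHP_URL_HOST);
if (! preg_match('/^https?:\/\/[^\n\r]*$/', $url)
    || ! in_array($host, $allowed_hosts, true)) {
    header('Location: ' . $cfg['PmaAbsoluteUri']);
    exit;
}
// An HTML hop instead of a 3xx: the destination then sees url.php (or no
// Referer at all) rather than the page that held the link.
echo '<!DOCTYPE html><html><head>'
    . '<meta http-equiv="Refresh" content="0;url='
    . htmlspecialchars($url, ENT_QUOTES) . '" />'
    . '</head><body></body></html>';
```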