Commit Graph

31 Commits

Author SHA1 Message Date
Marc Delisle
8ba543d012 fix for attack via FILES 2006-09-29 13:24:33 +00:00
Sebastian Mendel
44a0f36096 use PMA_getenv() 2006-04-11 14:33:17 +00:00
Sebastian Mendel
5bdcd33740 replaced $_SERVER with getenv() 2006-03-06 11:32:58 +00:00
Sebastian Mendel
5b9cab5a91 check magic_quotes only once in common.inc.php 2005-12-12 14:28:28 +00:00
Sebastian Mendel
e3ff258e16 moved stuff from grab_globals into common.inc.php (prepare removal of grab_globals)
check/init global required variables like: $lang, $server, $db, $table, $convcharset, $goto
introduced $goto-whitelist
PEAR coding standard
2005-12-12 12:48:00 +00:00
Marc Delisle
ee3825013d prepare removal of grab_globals 2005-12-11 13:06:02 +00:00
Michal Čihař
044b696570 Do not choke on arrays in $_SERVER array (bug #1370414). 2005-12-08 19:36:32 +00:00
Sebastian Mendel
5f3b086ed2 protect $import_blacklist from overwriting 2005-12-06 14:51:49 +00:00
Sebastian Mendel
af66555969 argh! now really! 2005-11-26 06:11:48 +00:00
Sebastian Mendel
9ec71beedf allow scripts to bypass importing vars 2005-11-26 06:08:07 +00:00
Sebastian Mendel
34b6eb346d - wrong check for empty
- forgot to check $sanitize
2005-11-17 13:53:06 +00:00
Sebastian Mendel
cae92ceb9f *REVERT* do not prevent import pma_* 2005-11-17 11:59:44 +00:00
Sebastian Mendel
34dae8c6d3 added variables starting with pma_, numeric or containing spaces to $import_blacklist 2005-11-17 11:29:15 +00:00
Sebastian Mendel
00736fef4a just to be sure:
- clean/empty $GLOBALS with $variables_whitelist
- unset some vars after use
- check all superglobals that could be imported by register_globals=on
  for GLOBALS key (not only _REQUEST and _FILES )
- added $import_blacklist
- rewrote PMA_gpc_extract()
  - use $import_blacklist
  - documentation
2005-11-17 09:45:12 +00:00
Sebastian Mendel
2d6e0f00d8 [XSS] clean $_SERVER variables 2005-10-27 17:03:36 +00:00
Marc Delisle
8fdd30964e security fix 2005-10-21 02:47:47 +00:00
Marc Delisle
694f7ef519 bug #1322871, local file inclusion 2005-10-11 13:36:37 +00:00
Sebastian Mendel
87764fc859 introducing sessions 2005-09-27 16:26:18 +00:00
Marc Delisle
80aecf6518 bugs 1248577 (incorrect message 'you should define a primary key') and 1253125 (request-URI too large) 2005-08-14 19:31:55 +00:00
Alexander M. Turek
94cdc26045 updated comment 2005-03-03 20:59:24 +00:00
Alexander M. Turek
e2a387ea5c bug #1153079 2005-03-03 20:32:45 +00:00
Alexander M. Turek
0aa14421f8 Fixed the fix 2005-02-24 17:30:02 +00:00
Alexander M. Turek
8f3bffcf4e bug #1149381 2005-02-23 11:34:47 +00:00
Alexander M. Turek
f90cbaf9ac Typo 2005-02-23 00:09:41 +00:00
Alexander M. Turek
4cbcd96081 bugs #1149381 and 1149383 2005-02-22 23:07:59 +00:00
Michal Čihař
1aaa89fa54 Little code reorganisation (RFE #957308), removed some remaining php3 compatibility code in SQL parser. 2004-05-20 16:14:13 +00:00
Alexander M. Turek
37d50c1822 Huge set of optimizations, please test! 2003-11-26 22:52:25 +00:00
Garvin Hicking
8d1bfe6f3b Reverted some obfuscated RegExes. Nijel, as you were working on that: I removed the bugfixes you threw in for my faulty code because there were some issues left (for me):
The lines

$re0 = '@(^|(\\\\\\\\)+|[^\\\\])'; // non-escaped wildcards
$re1 = '@(^|[^\])(\\\)+'; // escaped wildcards

as they currently were made no sense to me, because the single [^\] should be replaced with [^\\\\] as well, shouldn't it? To not seriously break more stuff I decided to revert to the previous mechanism here.

I will do more serious tests the next days and will actually work with my PMA again and I pay close attention to see if there are any issues left.

I also searched through the code to see if the setting of the array points from former while() constructs was in any way used [current(), next(), prev(), key(), end(), each()] but did find none.
2003-11-25 19:20:20 +00:00
Garvin Hicking
f0da471ec3 /libraries cleanup hopefully done. Double-Checked every change, my installation still works. ;)
Will continue working on remaining files tomorrow and hope to make it to the end of the next day.
2003-11-20 16:31:51 +00:00
Alexander M. Turek
197b293e7d Do not use $HTTP_*_VARS arrays anymore. 2003-11-19 11:07:23 +00:00
Michal Čihař
6884f9701a no more support for php3 2003-11-18 15:20:45 +00:00