Changeset 1850

Timestamp:

07/04/09 10:34:43 (3 years ago)

Author:

tomdooley

Message:

Fixed #1878: Updated phpMyAdmin to version 3.2.0.1

Location:

trunk

Files:

• CHANGELOG (modified) (1 diff)
• gui/tools/pma/ChangeLog (modified) (2 diffs)
• gui/tools/pma/Documentation.html (modified) (3 diffs)
• gui/tools/pma/Documentation.txt (modified) (2 diffs)
• gui/tools/pma/README (modified) (2 diffs)
• gui/tools/pma/RELEASE-DATE-3.2.0 (deleted)
• gui/tools/pma/RELEASE-DATE-3.2.0.1 (added)
• gui/tools/pma/libraries/Config.class.php (modified) (2 diffs)
• gui/tools/pma/libraries/auth/swekey/swekey.auth.lib.php (modified) (14 diffs)
• gui/tools/pma/libraries/common.lib.php (modified) (2 diffs)
• gui/tools/pma/sql.php (modified) (2 diffs)
• gui/tools/pma/translators.html (modified) (3 diffs)

trunk/CHANGELOG

@@ -1 +1 @@
 ispCP ω 1.0.1 Changelog
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+2009-07-04 Thomas Wacker
+        - TOOLS:
+                * Fixed #1878: Updated phpMyAdmin to version 3.2.0.1
 
 2009-07-02 Thomas Wacker

trunk/gui/tools/pma/ChangeLog

@@ -3 +3 @@
 ----------------------
 
-$Id: ChangeLog 12576 2009-06-15 15:30:30Z lem9 $
+$Id: ChangeLog 12608 2009-06-30 10:48:08Z lem9 $
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
+
+3.2.0.1 (2009-06-30)
+- [security] XSS: Insufficient output sanitizing in bookmarks 
 
 3.2.0.0 (2009-06-15)
@@ -10 +13 @@
 + rfe #2127987 warn when session.gc_maxlifetime is less than cookie validity
 + rfe #2100910 configurable default charset for import
-+ rfe #1913541 link to InnoDB status when error 1005 occurs
++ rfe #1913541 link to InnoDB status when error 150 occurs
 + rfe #1927189 strip ` from column names on import
 + rfe #1821619 LeftFrameDBSeparator can be an array

trunk/gui/tools/pma/Documentation.html

@@ -6 +6 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US"
     version="-//W3C//DTD XHTML 1.1//EN" dir="ltr">
-<!-- $Id: Documentation.html 12576 2009-06-15 15:30:30Z lem9 $ -->
+<!-- $Id: Documentation.html 12609 2009-06-30 10:52:07Z lem9 $ -->
 <head>
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.2.0 - Documentation</title>
+    <title>phpMyAdmin 3.2.0.1 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
@@ -19 +19 @@
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.2.0
+        3.2.0.1
         Documentation
     </h1>
@@ -55 +55 @@
     </li>
     <li>Documentation version:
-        <i>$Id: Documentation.html 12576 2009-06-15 15:30:30Z lem9 $</i>
+        <i>$Id: Documentation.html 12609 2009-06-30 10:52:07Z lem9 $</i>
     </li>
 </ul>

trunk/gui/tools/pma/Documentation.txt

@@ -1 @@
-phpMyAdmin 3.2.0 Documentation
+phpMyAdmin 3.2.0.1 Documentation
 
   * Top
@@ -21 +21 @@
       + Version history: ChangeLog
       + License: LICENSE
-  * Documentation version: $Id: Documentation.html 12576 2009-06-15 15:30:30Z
+  * Documentation version: $Id: Documentation.html 12609 2009-06-30 10:52:07Z
     lem9 $
 

trunk/gui/tools/pma/README

@@ -1 @@
-$Id: README 12576 2009-06-15 15:30:30Z lem9 $
+$Id: README 12609 2009-06-30 10:52:07Z lem9 $
 
 phpMyAdmin - Readme
@@ -6 +6 @@
   A set of PHP-scripts to manage MySQL over the web.
 
-  Version 3.2.0
-  -------------
+  Version 3.2.0.1
+  ---------------
   http://www.phpmyadmin.net/
 

trunk/gui/tools/pma/libraries/Config.class.php

@@ -4 +4 @@
  *
  *
- * @version $Id: Config.class.php 12576 2009-06-15 15:30:30Z lem9 $
+ * @version $Id: Config.class.php 12609 2009-06-30 10:52:07Z lem9 $
  * @package phpMyAdmin
  */
@@ -93 +93 @@
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '3.2.0');
+        $this->set('PMA_VERSION', '3.2.0.1');
         /**
          * @deprecated

trunk/gui/tools/pma/libraries/auth/swekey/swekey.auth.lib.php

@@ -1 +1 @@
 <?php
- 
+/**
+ * @package Swekey
+ */
+
+/**
+ * Checks Swekey authentication.
+ */
 function Swekey_auth_check()
 {
@@ -9 +15 @@
         $_SESSION['SWEKEY'] = array();
     }
-    
+
     $_SESSION['SWEKEY']['ENABLED'] = (! empty($confFile) && file_exists($confFile));
 
@@ -18 +24 @@
         $valid_swekeys = split("\n",@file_get_contents($confFile));
         foreach ($valid_swekeys as $line) {
-            if (preg_match("/^[0-9A-F]{32}:.+$/", $line) != false)    
-                        {  
+            if (preg_match("/^[0-9A-F]{32}:.+$/", $line) != false)
+                        {
                                 $items = explode(":", $line);
                                 if (count($items) == 2)
-                    $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]); 
-                        }  
+                    $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]);
+                        }
             else if (preg_match("/^[A-Z_]+=.*$/", $line) != false) {
                 $items = explode("=", $line);
                 $_SESSION['SWEKEY']['CONF_'.trim($items[0])] = trim($items[1]);
-            }      
-        }
-        
+            }
+        }
+
         // Set default values for settings
         if (! isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK']))
-                $_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";        
+                $_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";
         if (! isset($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']))
                 $_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'] = "";
@@ -42 +48 @@
                 $_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = true;
         if (! isset($_SESSION['SWEKEY']['CONF_DEBUG']))
-            $_SESSION['SWEKEY']['CONF_DEBUG'] = false; 
+            $_SESSION['SWEKEY']['CONF_DEBUG'] = false;
      }
 
     // check if a web key has been authenticated
-    if ($_SESSION['SWEKEY']['ENABLED']) {       
+    if ($_SESSION['SWEKEY']['ENABLED']) {
         if (empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']))
-           return false;        
+           return false;
         }
-        
+
         return true;
 }
 
 
+/**
+ * Handle Swekey authentication error.
+ */
 function Swekey_auth_error()
 {
-    if (! isset($_SESSION['SWEKEY'])) 
+    if (! isset($_SESSION['SWEKEY']))
         return null;
 
-        if (! $_SESSION['SWEKEY']['ENABLED']) 
+        if (! $_SESSION['SWEKEY']['ENABLED'])
         return null;
 
@@ -69 +78 @@
     function Swekey_GetValidKey()
         {
-            var valids = "<?php 
-                foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) 
+            var valids = "<?php
+                foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value)
                         echo $key.',';
                 ?>";
         var connected_keys = Swekey_ListKeyIds().split(",");
-        for (i in connected_keys) 
+        for (i in connected_keys)
             if (connected_keys[i] != null && connected_keys[i].length == 32)
                     if (valids.indexOf(connected_keys[i]) >= 0)
                        return connected_keys[i];
 
-        
+
         if (connected_keys.length > 0)
                 if (connected_keys[0].length == 32)
                    return "unknown_key_" + connected_keys[0];
-                
+
                 return "none";
         }
 
     var key = Swekey_GetValidKey();
-    
+
     function timedCheck()
     {
         if (key != Swekey_GetValidKey())
         {
-            window.location.search = "?swekey_reset";  
+            window.location.search = "?swekey_reset";
         }
                 else
@@ -103 +112 @@
         <?php
 
-        if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) 
+        if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']))
                 return null;
 
-    if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0) 
-        return sprintf($GLOBALS['strSwekeyNoKeyId'], $GLOBALS['cfg']['Server']['auth_swekey_config']); 
+    if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0)
+        return sprintf($GLOBALS['strSwekeyNoKeyId'], $GLOBALS['cfg']['Server']['auth_swekey_config']);
 
     require_once "./libraries/auth/swekey/swekey.php";
-    
+
     Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
     Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
@@ -122 +131 @@
         $pos = strrpos($caFile, '/');
         if ($pos === false)
-            $pos = strrpos($caFile, '\\'); // windows  
+            $pos = strrpos($caFile, '\\'); // windows
         $caFile = substr($caFile, 0, $pos + 1).'musbe-ca.crt';
 //        echo "\n<!-- $caFile -->\n";
@@ -132 +141 @@
         Swekey_SetCAFile($caFile);
     else if (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://"))
-        return "Internal Error: CA File $caFile not found";  
-                
+        return "Internal Error: CA File $caFile not found";
+
     $result = null;
-    parse_str($_SERVER['QUERY_STRING']); 
+    parse_str($_SERVER['QUERY_STRING']);
     if (isset($swekey_id)) {
         unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
@@ -148 +157 @@
                     $result = $GLOBALS['strSwekeyAuthFailed'] . ' (' . Swekey_GetLastError() . ')';
                 }
-                else {            
+                else {
                     $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
                         $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
                     return null;
-                }           
+                }
             }
             else {
-                $result = $GLOBALS['strSwekeyNoKey']; 
+                $result = $GLOBALS['strSwekeyNoKey'];
                 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
                 {
-                    $result .= "<br>".$swekey_id;  
+                    $result .= "<br>".$swekey_id;
                 }
-                unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file 
+                unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
              }
-        }                
-    }
-    else 
-        unset($_SESSION['SWEKEY']);        
+        }
+    }
+    else
+        unset($_SESSION['SWEKEY']);
 
     $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
@@ -186 +195 @@
                     url = url.substr(0, url.indexOf("?"));
                 Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
-                var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);     
+                var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
                 window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
             }
         </script>
         <?php
-        return $GLOBALS['strSwekeyAuthenticating']; 
-    }
- 
+        return $GLOBALS['strSwekeyAuthenticating'];
+    }
+
     return $result;
 }
 
 
+/**
+ * Perform login using Swekey.
+ */
 function Swekey_login($input_name, $input_go)
 {
@@ -212 +224 @@
     if (isset($_SESSION['SWEKEY']) && $_SESSION['SWEKEY']['ENABLED']) {
         echo '<script type="text/javascript">';
-        if (empty($_SESSION['SWEKEY']['FORCE_USER'])) 
+        if (empty($_SESSION['SWEKEY']['FORCE_USER']))
             echo 'var user = null;';
         else
@@ -222 +234 @@
                 window.open("http://phpmyadmin.net/auth_key");
             }
-        
+
             var input_username = document.getElementById("<?php echo $input_name; ?>");
             var input_go = document.getElementById("<?php echo $input_go; ?>");
@@ -241 +253 @@
                         }
                         input_username.readOnly = true;
-       
+
                 if (input_username.nextSibling == null)
                         input_username.parentNode.appendChild(swekey_status);
@@ -268 +280 @@
         unset($_SESSION['SWEKEY']);
 }
-    
+
 ?>

trunk/gui/tools/pma/libraries/common.lib.php

@@ -4 +4 @@
  * Misc functions used all over the scripts.
  *
- * @version $Id: common.lib.php 12492 2009-05-24 12:28:04Z lem9 $
+ * @version $Id: common.lib.php 12608 2009-06-30 10:48:08Z lem9 $
  * @package phpMyAdmin
  */
@@ -306 +306 @@
     // first check for the SQL parser having hit an error
     if (PMA_SQP_isError()) {
-        return $parsed_sql;
+        return htmlspecialchars($parsed_sql['raw']);
     }
     // then check for an array

trunk/gui/tools/pma/sql.php

@@ -4 +4 @@
  * @todo    we must handle the case if sql.php is called directly with a query
  *          that returns 0 rows - to prevent cyclic redirects or includes
- * @version $Id: sql.php 12340 2009-04-09 14:20:44Z nijel $
+ * @version $Id: sql.php 12608 2009-06-30 10:48:08Z lem9 $
  * @package phpMyAdmin
  */
@@ -312 +312 @@
             }
             $active_page = $goto;
-            $message = PMA_Message::rawError($error);
+            $message = htmlspecialchars(PMA_Message::rawError($error));
             /**
              * Go to target path.

trunk/gui/tools/pma/translators.html

@@ -3 +3 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US"
     version="-//W3C//DTD XHTML 1.1//EN" dir="ltr">
-<!-- $Id: translators.html 12576 2009-06-15 15:30:30Z lem9 $ -->
+<!-- $Id: translators.html 12609 2009-06-30 10:52:07Z lem9 $ -->
 
 <head>
@@ -9 +9 @@
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.2.0 - Official translators</title>
+    <title>phpMyAdmin 3.2.0.1 - Official translators</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
@@ -17 +17 @@
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.2.0
+        3.2.0.1
         official translators list
     </h1>