@freemed
Created July 27, 2011 12:32
phpmyadmin 3.4.3 to 3.4.3.2 security patch
diff -uNr phpMyAdmin-3.4.3-all-languages/ChangeLog phpMyAdmin-3.4.3.2-all-languages/ChangeLog
--- phpMyAdmin-3.4.3-all-languages/ChangeLog 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/ChangeLog 2011-07-23 08:42:50.000000000 -0400
@@ -1,6 +1,18 @@
phpMyAdmin - ChangeLog
======================
+3.4.3.2 (2011-07-23)
+- [security] Fixed XSS vulnerability, see PMASA-2011-9
+- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
+- [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
+
+3.4.3.1 (2011-07-02)
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
+- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
+- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
+- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
+
3.4.3.0 (2011-06-27)
- bug #3311170 [sync] Missing helper icons in Synchronize
- patch #3304473 [setup] Redefine a lable that was wrong
diff -uNr phpMyAdmin-3.4.3-all-languages/config.sample.inc.php phpMyAdmin-3.4.3.2-all-languages/config.sample.inc.php
--- phpMyAdmin-3.4.3-all-languages/config.sample.inc.php 1969-12-31 19:00:00.000000000 -0500
+++ phpMyAdmin-3.4.3.2-all-languages/config.sample.inc.php 2011-07-23 08:42:50.000000000 -0400
@@ -0,0 +1,143 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * phpMyAdmin sample configuration, you can use it as base for
+ * manual configuration. For easier setup you can use setup/
+ *
+ * All directives are explained in Documentation.html and on phpMyAdmin
+ * wiki <http://wiki.phpmyadmin.net>.
+ *
+ * @package phpMyAdmin
+ */
+
+/*
+ * This is needed for cookie based authentication to encrypt password in
+ * cookie
+ */
+$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+
+/*
+ * Servers configuration
+ */
+$i = 0;
+
+/*
+ * First server
+ */
+$i++;
+/* Authentication type */
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+/* Server parameters */
+$cfg['Servers'][$i]['host'] = 'localhost';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
+$cfg['Servers'][$i]['compress'] = false;
+/* Select mysqli if your server has it */
+$cfg['Servers'][$i]['extension'] = 'mysql';
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+
+/*
+ * phpMyAdmin configuration storage settings.
+ */
+
+/* User used to manipulate with storage */
+// $cfg['Servers'][$i]['controluser'] = 'pma';
+// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
+
+/* Storage database and tables */
+// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
+// $cfg['Servers'][$i]['relation'] = 'pma_relation';
+// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';
+// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
+// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
+// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';
+// $cfg['Servers'][$i]['history'] = 'pma_history';
+// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';
+// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
+// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';
+/* Contrib / Swekey authentication */
+// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
+
+/*
+ * End of servers configuration
+ */
+
+/*
+ * Directories for saving/loading files from server
+ */
+$cfg['UploadDir'] = '';
+$cfg['SaveDir'] = '';
+
+/**
+ * Defines whether a user should be displayed a "show all (records)"
+ * button in browse mode or not.
+ * default = false
+ */
+//$cfg['ShowAll'] = true;
+
+/**
+ * Number of rows displayed when browsing a result set. If the result
+ * set contains more rows, "Previous" and "Next".
+ * default = 30
+ */
+//$cfg['MaxRows'] = 50;
+
+/**
+ * Use graphically less intense menu tabs
+ * default = false
+ */
+//$cfg['LightTabs'] = true;
+
+/**
+ * disallow editing of binary fields
+ * valid values are:
+ * false allow editing
+ * 'blob' allow editing except for BLOB fields
+ * 'all' disallow editing
+ * default = blob
+ */
+//$cfg['ProtectBinary'] = 'false';
+
+/**
+ * Default language to use, if not browser-defined or user-defined
+ * (you find all languages in the locale folder)
+ * uncomment the desired line:
+ * default = 'en'
+ */
+//$cfg['DefaultLang'] = 'en';
+//$cfg['DefaultLang'] = 'de';
+
+/**
+ * default display direction (horizontal|vertical|horizontalflipped)
+ */
+//$cfg['DefaultDisplay'] = 'vertical';
+
+
+/**
+ * How many columns should be used for table display of a database?
+ * (a value larger than 1 results in some information being hidden)
+ * default = 1
+ */
+//$cfg['PropertiesNumColumns'] = 2;
+
+/**
+ * Set to true if you want DB-based query history.If false, this utilizes
+ * JS-routines to display query history (lost by window close)
+ *
+ * This requires configuration storage enabled, see above.
+ * default = false
+ */
+//$cfg['QueryHistoryDB'] = true;
+
+/**
+ * When using DB-based query history, how many entries should be kept?
+ *
+ * default = 25
+ */
+//$cfg['QueryHistoryMax'] = 100;
+
+/*
+ * You can find more configuration options in Documentation.html
+ * or here: http://wiki.phpmyadmin.net/pma/Config
+ */
+?>
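Review bot: The new sample config ends with a closing `?>` on its last line; any whitespace or newline an administrator leaves after it when editing is emitted as output before headers are sent, which breaks `setcookie()`-based cookie auth in a way that is hard to diagnose. Dropping the closing tag is the safer default for a PHP-only include. `$cfg['blowfish_secret'] = ''` carries only the trailing "YOU MUST FILL IN" remark; a comment above it such as `/* a long random string unique to this installation; never copy a value from an example */` would make the requirement clearer to whoever copies this file to config.inc.php.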
diff -uNr phpMyAdmin-3.4.3-all-languages/Documentation.html phpMyAdmin-3.4.3.2-all-languages/Documentation.html
--- phpMyAdmin-3.4.3-all-languages/Documentation.html 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/Documentation.html 2011-07-23 08:42:50.000000000 -0400
@@ -9,7 +9,7 @@
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>phpMyAdmin 3.4.3 - Documentation</title>
+ <title>phpMyAdmin 3.4.3.2 - Documentation</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -17,7 +17,7 @@
<div id="header">
<h1>
<a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
- 3.4.3
+ 3.4.3.2
Documentation
</h1>
</div>
diff -uNr phpMyAdmin-3.4.3-all-languages/Documentation.txt phpMyAdmin-3.4.3.2-all-languages/Documentation.txt
--- phpMyAdmin-3.4.3-all-languages/Documentation.txt 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/Documentation.txt 2011-07-23 08:42:50.000000000 -0400
@@ -1,4 +1,4 @@
-phpMyAdmin 3.4.3 Documentation
+phpMyAdmin 3.4.3.2 Documentation
* Top
* Requirements
diff -uNr phpMyAdmin-3.4.3-all-languages/libraries/auth/swekey/swekey.auth.lib.php phpMyAdmin-3.4.3.2-all-languages/libraries/auth/swekey/swekey.auth.lib.php
--- phpMyAdmin-3.4.3-all-languages/libraries/auth/swekey/swekey.auth.lib.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/libraries/auth/swekey/swekey.auth.lib.php 2011-07-23 08:42:50.000000000 -0400
@@ -143,7 +143,9 @@
return "Internal Error: CA File $caFile not found";
$result = null;
- parse_str($_SERVER['QUERY_STRING']);
+ $swekey_id = $_GET['swekey_id'];
+ $swekey_otp = $_GET['swekey_otp'];
+
if (isset($swekey_id)) {
unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
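Review bot: `$_GET['swekey_id']` and `$_GET['swekey_otp']` are read unconditionally on the two added lines, so every request that lacks them raises an undefined-index notice before the `isset($swekey_id)` check that follows; keep the absent case quiet with `$swekey_id = isset($_GET['swekey_id']) ? $_GET['swekey_id'] : null;` and the same for `$swekey_otp`. Replacing `parse_str()` on the raw query string is what closes the variable-overwrite path behind the swekey session-manipulation entry in the ChangeLog, so a comment on the new lines, `// only these two query parameters are accepted; never parse_str() the raw query string`, would keep a later refactor from reintroducing it. The enclosing function begins before this hunk.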
@@ -166,7 +168,7 @@
$result = __('No valid authentication key plugged');
if ($_SESSION['SWEKEY']['CONF_DEBUG'])
{
- $result .= "<br>".$swekey_id;
+ $result .= "<br>" . htmlspecialchars($swekey_id);
}
unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
}
@@ -186,16 +188,16 @@
<script>
if (key.length != 32)
{
- window.location.search="?swekey_id=" + key;
+ window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
}
else
{
var url = "" + window.location;
if (url.indexOf("?") > 0)
url = url.substr(0, url.indexOf("?"));
- Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
+ Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
- window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
+ window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
}
</script>
<?php
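Review bot: The three changed lines splice `$_SESSION[' PMA_token ']` (and `session_id()` on the unplug line) into JavaScript string literals with a bare `echo`; whether the token can ever contain a quote or backslash depends on how it is generated, which is not visible here, so the robust form is to let PHP build the literal, e.g. `"&token=" + <?php echo json_encode(rawurlencode($_SESSION[' PMA_token '])); ?>` in place of `"&token=<?php echo $_SESSION[' PMA_token ']; ?>"`. Appending the token to `window.location.search` also puts it in the URL, and therefore in server logs and Referer headers; if the same token guards other state-changing actions, that trade-off deserves a comment at the first of these lines. The surrounding `<script>` block and the PHP function begin before this hunk.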
@@ -263,11 +265,10 @@
}
}
-if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
+if (!empty($_GET['session_to_unset']))
{
- parse_str($_SERVER['QUERY_STRING']);
session_write_close();
- session_id($session_to_unset);
+ session_id($_GET['session_to_unset']);
session_start();
$_SESSION = array();
session_write_close();
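Review bot: `session_id($_GET['session_to_unset'])` still passes a caller-supplied value straight to the session layer; the change only drops `parse_str()`. Whether the `token` parameter added in the JavaScript hunk above is verified before this block is outside the hunk, so at minimum constrain the value to the session-id character set before switching to it, e.g. `if (!empty($_GET['session_to_unset']) && preg_match('/^[A-Za-z0-9,-]+$/D', $_GET['session_to_unset']))`. The block then empties `$_SESSION` for whichever id was supplied, so the value has to be treated as an untrusted session identifier; a comment stating why clearing an arbitrary id is acceptable on the login page (or which check bounds it) would help the next reader. This code appears to be at file scope and continues past the hunk.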
diff -uNr phpMyAdmin-3.4.3-all-languages/libraries/Config.class.php phpMyAdmin-3.4.3.2-all-languages/libraries/Config.class.php
--- phpMyAdmin-3.4.3-all-languages/libraries/Config.class.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/libraries/Config.class.php 2011-07-23 08:42:50.000000000 -0400
@@ -96,7 +96,7 @@
*/
function checkSystem()
{
- $this->set('PMA_VERSION', '3.4.3');
+ $this->set('PMA_VERSION', '3.4.3.2');
/**
* @deprecated
*/
diff -uNr phpMyAdmin-3.4.3-all-languages/libraries/display_tbl.lib.php phpMyAdmin-3.4.3.2-all-languages/libraries/display_tbl.lib.php
--- phpMyAdmin-3.4.3-all-languages/libraries/display_tbl.lib.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/libraries/display_tbl.lib.php 2011-07-23 08:42:50.000000000 -0400
@@ -1308,7 +1308,7 @@
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
- $include_file = $GLOBALS['mime_map'][$meta->name]['transformation'];
+ $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
if (file_exists('./libraries/transformations/' . $include_file)) {
$transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
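Review bot: Only the include path is passed through `PMA_securePath()` on the changed line; the next line still derives `$transformfunction_name` from the raw `$GLOBALS['mime_map'][$meta->name]['transformation']`, so the sanitised path and the function name can diverge for a value that `PMA_securePath()` alters. Derive both from the cleaned value: `$transformfunction_name = str_replace('.inc.php', '', $include_file);`. The sql.php hunk further down sanitises `$include_file` the same one-sided way; it is worth checking that nothing there is later derived from the raw `$transformation['transformation']` either. The enclosing `if` blocks begin before this hunk and continue past it.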
diff -uNr phpMyAdmin-3.4.3-all-languages/libraries/schema/User_Schema.class.php phpMyAdmin-3.4.3.2-all-languages/libraries/schema/User_Schema.class.php
--- phpMyAdmin-3.4.3-all-languages/libraries/schema/User_Schema.class.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/libraries/schema/User_Schema.class.php 2011-07-23 08:42:50.000000000 -0400
@@ -567,10 +567,13 @@
require_once './libraries/transformations.lib.php';
require_once './libraries/Index.class.php';
/**
- * default is PDF
+ * default is PDF, otherwise validate it's only letters a-z
*/
global $db,$export_type;
- $export_type = isset($export_type) ? $export_type : 'pdf';
+ if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+ $export_type = 'pdf';
+ }
+
PMA_DBI_select_db($db);
include("./libraries/schema/".ucfirst($export_type)."_Relation_Schema.class.php");
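Review bot: The added `preg_match('/^[a-zA-Z]+$/', $export_type)` still accepts a value ending in a newline, because `$` matches before a final `\n` unless the `D` modifier is set; since the value flows through `ucfirst()` into the `include()` path on the last line, use `'/^[a-zA-Z]+$/D'` (or `\z`) so that what was validated is exactly what is included. A fixed list of the schema types that actually exist would be tighter than letters-only and would also let the fallback to `'pdf'` be logged. The same pattern is added in the schema_export.php hunk below and should get the same modifier. The enclosing method begins before this hunk.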
diff -uNr phpMyAdmin-3.4.3-all-languages/libraries/server_synchronize.lib.php phpMyAdmin-3.4.3.2-all-languages/libraries/server_synchronize.lib.php
--- phpMyAdmin-3.4.3-all-languages/libraries/server_synchronize.lib.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/libraries/server_synchronize.lib.php 2011-07-23 08:42:50.000000000 -0400
@@ -624,7 +624,7 @@
$Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link);
// Replace the src table name with a `dbname`.`tablename`
- $Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/',
+ $Create_Table_Query = preg_replace('/' . preg_quote(PMA_backquote($uncommon_tables[$table_index]), '/') . '/',
PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]),
$Create_Query,
$limit = 1
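Review bot: `preg_quote()` now protects the pattern side, but the replacement argument on the following line, `PMA_backquote($trg_db) . '.' . PMA_backquote(...)`, is still interpreted by `preg_replace()`: a `$` followed by a digit, or a backslash, inside a database or table name is read as a back-reference, and MySQL identifiers may contain `$`. Escape it the same way: `addcslashes(PMA_backquote($trg_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), '\\$')`. Given that only the first occurrence is replaced (`$limit = 1`), a `strpos()`/`substr_replace()` on the backquoted name would avoid regex semantics on both sides altogether. The enclosing loop begins before this hunk.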
diff -uNr phpMyAdmin-3.4.3-all-languages/README phpMyAdmin-3.4.3.2-all-languages/README
--- phpMyAdmin-3.4.3-all-languages/README 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/README 2011-07-23 08:42:50.000000000 -0400
@@ -1,7 +1,7 @@
phpMyAdmin - Readme
===================
-Version 3.4.3
+Version 3.4.3.2
A set of PHP-scripts to manage MySQL over the web.
diff -uNr phpMyAdmin-3.4.3-all-languages/RELEASE-DATE-3.4.3 phpMyAdmin-3.4.3.2-all-languages/RELEASE-DATE-3.4.3
--- phpMyAdmin-3.4.3-all-languages/RELEASE-DATE-3.4.3 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/RELEASE-DATE-3.4.3 1969-12-31 19:00:00.000000000 -0500
@@ -1 +0,0 @@
-Mon Jun 27 14:24:00 UTC 2011
diff -uNr phpMyAdmin-3.4.3-all-languages/RELEASE-DATE-3.4.3.2 phpMyAdmin-3.4.3.2-all-languages/RELEASE-DATE-3.4.3.2
--- phpMyAdmin-3.4.3-all-languages/RELEASE-DATE-3.4.3.2 1969-12-31 19:00:00.000000000 -0500
+++ phpMyAdmin-3.4.3.2-all-languages/RELEASE-DATE-3.4.3.2 2011-07-23 08:42:50.000000000 -0400
@@ -0,0 +1 @@
+Sat Jul 23 12:41:41 UTC 2011
diff -uNr phpMyAdmin-3.4.3-all-languages/schema_export.php phpMyAdmin-3.4.3.2-all-languages/schema_export.php
--- phpMyAdmin-3.4.3-all-languages/schema_export.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/schema_export.php 2011-07-23 08:42:50.000000000 -0400
@@ -37,7 +37,9 @@
* default is PDF
*/
global $db,$export_type;
-$export_type = isset($export_type) ? $export_type : 'pdf';
+if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+ $export_type = 'pdf';
+}
PMA_DBI_select_db($db);
$path = PMA_securePath(ucfirst($export_type));
diff -uNr phpMyAdmin-3.4.3-all-languages/setup/lib/ConfigGenerator.class.php phpMyAdmin-3.4.3.2-all-languages/setup/lib/ConfigGenerator.class.php
--- phpMyAdmin-3.4.3-all-languages/setup/lib/ConfigGenerator.class.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/setup/lib/ConfigGenerator.class.php 2011-07-23 08:42:50.000000000 -0400
@@ -39,7 +39,7 @@
if ($cf->getServerCount() > 0) {
$ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf;
foreach ($c['Servers'] as $id => $server) {
- $ret .= '/* Server: ' . strtr($cf->getServerName($id), '*/', '-') . " [$id] */" . $crlf
+ $ret .= '/* Server: ' . strtr($cf->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
. '$i++;' . $crlf;
foreach ($server as $k => $v) {
$k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
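Review bot: The rewritten line uses `strtr(..., '*/', '-')` in its two-string form, where `from` and `to` are paired by position and the unmatched `/` is silently ignored, so only `*` is translated; that is enough to stop a server name from closing the comment, but a reader cannot tell it is intentional. Make it explicit with `strtr($cf->getServerName($id) . " [$id] ", '*', '-')` and add `// a '*' in the name could otherwise terminate the /* */ comment early` so the reason survives. Moving `[$id]` inside the translated string is the part of the change that matters. The enclosing `foreach` begins before this hunk.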
diff -uNr phpMyAdmin-3.4.3-all-languages/sql.php phpMyAdmin-3.4.3.2-all-languages/sql.php
--- phpMyAdmin-3.4.3-all-languages/sql.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/sql.php 2011-07-23 08:42:50.000000000 -0400
@@ -719,7 +719,7 @@
parse_str($_REQUEST['transform_fields_list'], $edited_values);
foreach($mime_map as $transformation) {
- $include_file = $transformation['transformation'];
+ $include_file = PMA_securePath($transformation['transformation']);
$column_name = $transformation['column_name'];
$column_data = $edited_values[$column_name];
diff -uNr phpMyAdmin-3.4.3-all-languages/tbl_printview.php phpMyAdmin-3.4.3.2-all-languages/tbl_printview.php
--- phpMyAdmin-3.4.3-all-languages/tbl_printview.php 2011-06-27 10:25:09.000000000 -0400
+++ phpMyAdmin-3.4.3.2-all-languages/tbl_printview.php 2011-07-23 08:42:50.000000000 -0400
@@ -69,7 +69,7 @@
$tbl_list .= (empty($tbl_list) ? '' : ', ')
. PMA_backquote($table);
}
- echo '<strong>'. __('Show tables') . ': ' . $tbl_list . '</strong>' . "\n";
+ echo '<strong>'. __('Show tables') . ': ' . htmlspecialchars($tbl_list) . '</strong>' . "\n";
echo '<hr />' . "\n";
} // end if
@@ -84,7 +84,7 @@
}
$counter++;
echo '<div' . $breakstyle . '>' . "\n";
- echo '<h1>' . $table . '</h1>' . "\n";
+ echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
/**
* Gets table informations