Upgrade to phpMyAdmin 2.11.10

1 parent 0645669 commit 5549fc5968d84003c50b5c72a1673599826dc929 bradymiller committed with the man Apr 22, 2010
10 phpmyadmin/ChangeLog
@@ -5,6 +5,16 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
+2.11.10.0 (2009-12-07)
+- [core] safer handling of temporary files with open_basedir (thanks to Thijs
+ Kinkhorst)
+- [core] do not automatically set and create TempDir, it might lead to security
+ issue (thanks to Thijs Kinkhorst)
+- [setup] avoid usage of (un)serialize, what might be unsafe in some cases
+
+2.11.9.6 (2009-10-12)
+- [security] XSS and SQL injection, thanks to Herman van Rink
+
2.11.9.5 (2009-03-24)
- [security] XSS vulnerability on export page
- [security] Insufficient output sanitizing when generating configuration file
58 phpmyadmin/Documentation.html
@@ -11,7 +11,7 @@
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <title>phpMyAdmin 2.11.9.5 - Documentation</title>
+ <title>phpMyAdmin 2.11.10 - Documentation</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -33,7 +33,7 @@
<li><a href="#glossary">Glossary</a></li>
</ul>
-<h1>phpMyAdmin 2.11.9.5 Documentation</h1>
+<h1>phpMyAdmin 2.11.10 Documentation</h1>
<ul><li><a href="http://www.phpmyadmin.net/">
phpMyAdmin homepage</a></li>
@@ -267,6 +267,7 @@ <h3 id="quick_install">Quick Install</h3>
<pre>
mv config/config.inc.php . # move file to current directory
chmod o-rw config.inc.php # remove world read and write permissions
+rm -rf config # remove not needed directory
</pre>
Now the file is ready to be used. You can choose to review or edit
the file with your favorite editor, if you prefer to set some
@@ -1743,12 +1744,51 @@ <h2 id="config">Configuration</h2>
<dt id="cfg_TempDir">$cfg['TempDir'] string</dt>
<dd>
- The name of the directory where temporary files can be stored.
+ The name of the directory where temporary files can be stored.
<br /><br />
+
This is needed for native MS Excel export, see
<a href="#faq6_23"><abbr title="Frequently Asked Questions">FAQ</abbr>
- 6.23</a>
- </dd>
+ 6.23</a> and to work around limitations of
+ <tt>open_basedir</tt> for uploaded
+ files, see <a href="#faq1_11"><abbr title="Frequently Asked Questions">FAQ</abbr>
+ 1.11</a>.
+ <br /><br />
+
+ If the directory where phpMyAdmin is installed is subject to an
+ <tt>open_basedir</tt> restriction, you need to create a
+ temporary directory in some directory accessible by the web
+ server. However for security reasons, this directory should be outside
+ the tree published by webserver. If you cannot avoid having this
+ directory published by webserver, place at least an empty
+ <tt>index.html</tt> file there, so that directory listing is not
+ possible.
+ <br /><br />
+
+ This directory should have as strict permissions as possible as the only
+ user required to access this directory is the one who runs the
+ webserver. If you have root privileges, simply make this user owner of
+ this directory and make it accessible only by it:
+ <br /><br />
+
+<pre>
+chown www-data:www-data tmp
+chmod 700 tmp
+</pre>
+
+ If you cannot change owner of the directory, you can achieve a similar
+ setup using <abbr title="Access Control List">ACL</abbr>:
+
+<pre>
+chmod 700 tmp
+setfacl -m "g:www-data:rwx" tmp
+setfacl -d -m "g:www-data:rwx" tmp
+</pre>
+
+ If neither of above works for you, you can still make the directory
+ <code>chmod 777</code>, but it might impose risk of other users on
+ system reading and writing data in this directory.
+ </dd>
<dt id="cfg_Export">$cfg['Export'] array</dt>
<dd>
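Review bot: The closing paragraph of the new $cfg['TempDir'] entry still offers chmod 777 as a fallback and describes the consequence only as "might impose risk". Since uploaded files are moved into this directory, state plainly that any local user can then read or replace them, and present the chown and ACL variants as the expected setup. The earlier advice to drop an empty index.html into a published directory only prevents directory listing; it would help to add that files there can still be fetched by name.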
@@ -2447,11 +2487,9 @@ <h4 id="faq1_11">
uploading a file from the query box.</a></h4>
<p> Since version 2.2.4, phpMyAdmin supports servers with open_basedir
- restrictions. Assuming that the restriction allows you to open files in the
- current directory ('.'), all you have to do is create a 'tmp' directory
- under the phpMyAdmin install directory, with permissions 777 and the same
- owner as the owner of your phpMyAdmin directory. The uploaded files will
- be moved there, and after execution of your
+ restrictions. However you need to create temporary directory and
+ configure it as <a href="#cfg_TempDir" class="configrule">$cfg['TempDir']</a>.
+ The uploaded files will be moved there, and after execution of your
<abbr title="structured query language">SQL</abbr> commands, removed.</p>
<h4 id="faq1_12">
43 phpmyadmin/Documentation.txt
@@ -11,7 +11,7 @@
* Translators
* Glossary
-phpMyAdmin 2.11.9.5 Documentation
+phpMyAdmin 2.11.10 Documentation
* phpMyAdmin homepage
* SourceForge phpMyAdmin project page
@@ -20,7 +20,7 @@ phpMyAdmin 2.11.9.5 Documentation
+ Version history: ChangeLog
+ General notes: README
+ License: LICENSE
- * Documentation version: $Id: Documentation.html 12317 2009-03-24 21:04:18Z
+ * Documentation version: $Id: Documentation.html 13152 2009-12-07 17:13:18Z
lem9 $
Requirements
@@ -181,6 +181,7 @@ Quick Install
mv config/config.inc.php . # move file to current directory
chmod o-rw config.inc.php # remove world read and write permissions
+ rm -rf config # remove not needed directory
Now the file is ready to be used. You can choose to review or edit the
file with your favorite editor, if you prefer to set some advanced
@@ -1233,7 +1234,35 @@ $cfg['SaveDir'] string
$cfg['TempDir'] string
The name of the directory where temporary files can be stored.
- This is needed for native MS Excel export, see FAQ 6.23
+ This is needed for native MS Excel export, see FAQ 6.23 and to work around
+ limitations of open_basedir for uploaded files, see FAQ 1.11.
+
+ If the directory where phpMyAdmin is installed is subject to an
+ open_basedir restriction, you need to create a temporary directory in some
+ directory accessible by the web server. However for security reasons, this
+ directory should be outside the tree published by webserver. If you cannot
+ avoid having this directory published by webserver, place at least an empty
+ index.html file there, so that directory listing is not possible.
+
+ This directory should have as strict permissions as possible as the only
+ user required to access this directory is the one who runs the webserver.
+ If you have root privileges, simply make this user owner of this directory
+ and make it accessible only by it:
+
+
+ chown www-data:www-data tmp
+ chmod 700 tmp
+
+ If you cannot change owner of the directory, you can achieve a similar
+ setup using ACL:
+
+ chmod 700 tmp
+ setfacl -m "g:www-data:rwx" tmp
+ setfacl -d -m "g:www-data:rwx" tmp
+
+ If neither of above works for you, you can still make the directory chmod
+ 777, but it might impose risk of other users on system reading and writing
+ data in this directory.
$cfg['Export'] array
In this array are defined default parameters for export, names of items are
similar to texts seen on export page, so you can easily identify what they
@@ -1793,11 +1822,9 @@ It seems to clear up many problems between Internet Explorer and SSL.
box.
Since version 2.2.4, phpMyAdmin supports servers with open_basedir
-restrictions. Assuming that the restriction allows you to open files in the
-current directory ('.'), all you have to do is create a 'tmp' directory under
-the phpMyAdmin install directory, with permissions 777 and the same owner as
-the owner of your phpMyAdmin directory. The uploaded files will be moved there,
-and after execution of your SQL commands, removed.
+restrictions. However you need to create temporary directory and configure it
+as $cfg['TempDir']. The uploaded files will be moved there, and after execution
+of your SQL commands, removed.
1.12 I have lost my MySQL root password, what can I do?
6 phpmyadmin/README
@@ -5,12 +5,12 @@ phpMyAdmin - Readme
A set of PHP-scripts to manage MySQL over the web.
- Version 2.11.9.5
- ----------------
+ Version 2.11.10
+ ---------------
http://www.phpmyadmin.net/
Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com>
- Copyright (C) 2001-2008 Marc Delisle <Marc.Delisle_at_cegepsherbrooke.qc.ca>
+ Copyright (C) 2001-2009 Marc Delisle <Marc.Delisle_at_cegepsherbrooke.qc.ca>
Olivier Müller <om_at_omnis.ch>
Robin Johnson <robbat2_at_users.sourceforge.net>
Alexander M. Turek <me_at_derrabus.de>
2 phpmyadmin/db_operations.php
@@ -463,7 +463,7 @@
<?php
while ($pages = @PMA_DBI_fetch_assoc($test_rs)) {
echo ' <option value="' . $pages['page_nr'] . '">'
- . $pages['page_nr'] . ': ' . $pages['page_descr'] . '</option>' . "\n";
+ . $pages['page_nr'] . ': ' . htmlspecialchars($pages['page_descr']) . '</option>' . "\n";
} // end while
PMA_DBI_free_result($test_rs);
unset($test_rs);
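Review bot: In the option line, $pages['page_nr'] is still echoed unescaped, both inside the value attribute and in the option text, while only page_descr is passed through htmlspecialchars(). If page_nr is always an integer, cast it with intval() at the point of output; otherwise escape it the same way so the value attribute cannot be broken out of.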
2 phpmyadmin/libraries/Config.class.php
@@ -85,7 +85,7 @@ function __construct($source = null)
*/
function checkSystem()
{
- $this->set('PMA_VERSION', '2.11.9.5');
+ $this->set('PMA_VERSION', '2.11.10');
/**
* @deprecated
*/
37 phpmyadmin/libraries/File.class.php
@@ -488,7 +488,7 @@ function setLocalSelectedFile($name)
*/
function isReadable()
{
- // surpress warnings from beeing displayed, but not from beeing logged
+ // suppress warnings from being displayed, but not from being logged
// any file access outside of open_basedir will issue a warning
ob_start();
$is_readable = is_readable($this->getName());
@@ -527,42 +527,15 @@ function checkUploadedFile()
return true;
}
- /**
- * it is not important if open_basedir is set - we just cannot read the file
- * so we try to move it
- if ('' != ini_get('open_basedir')) {
- */
-
- // check tmp dir config
- if (empty($GLOBALS['cfg']['TempDir'])) {
- $GLOBALS['cfg']['TempDir'] = 'tmp/';
- }
-
- // surpress warnings from beeing displayed, but not from beeing logged
- ob_start();
- // check tmp dir
- if (! is_dir($GLOBALS['cfg']['TempDir'])) {
- // try to create the tmp directory
- if (@mkdir($GLOBALS['cfg']['TempDir'], 0777)) {
- chmod($GLOBALS['cfg']['TempDir'], 0777);
- } else {
- // create tmp dir failed
- $this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists'];
- ob_end_clean();
- return false;
- }
- }
- ob_end_clean();
-
- if (! is_writable($GLOBALS['cfg']['TempDir'])) {
+ if (empty($GLOBALS['cfg']['TempDir']) || ! is_writable($GLOBALS['cfg']['TempDir'])) {
// cannot create directory or access, point user to FAQ 1.11
$this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists'];
return false;
}
- $new_file_to_upload = $GLOBALS['cfg']['TempDir'] . '/' . basename($this->getName());
+ $new_file_to_upload = tempnam(realpath($GLOBALS['cfg']['TempDir']), basename($this->getName()));
- // surpress warnings from beeing displayed, but not from beeing logged
+ // suppress warnings from being displayed, but not from being logged
// any file access outside of open_basedir will issue a warning
ob_start();
$move_uploaded_file_result = move_uploaded_file($this->getName(), $new_file_to_upload);
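Review bot: The result of tempnam() is handed straight to move_uploaded_file() with no check. tempnam() returns false on failure and can fall back to the system temporary directory when it cannot create a file in the requested one, and realpath() returns false when the path does not resolve. Verify that $new_file_to_upload is a string located under the configured TempDir before moving the upload, and set _error_message and return false otherwise. Because tempnam() already creates the file, a failed move should also remove the empty file it left behind.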
@@ -602,7 +575,7 @@ function checkUploadedFile()
*/
function _detectCompression()
{
- // surpress warnings from beeing displayed, but not from beeing logged
+ // suppress warnings from being displayed, but not from being logged
// f.e. any file access outside of open_basedir will issue a warning
ob_start();
$file = fopen($this->getName(), 'rb');
12 phpmyadmin/pdf_pages.php
@@ -273,7 +273,7 @@
if (isset($chpage) && $chpage == $curr_page['page_nr']) {
echo ' selected="selected"';
}
- echo '>' . $curr_page['page_nr'] . ': ' . $curr_page['page_descr'] . '</option>';
+ echo '>' . $curr_page['page_nr'] . ': ' . htmlspecialchars($curr_page['page_descr']) . '</option>';
} // end while
echo "\n";
?>
@@ -426,12 +426,12 @@ function resetDrag() {
echo "\n" . ' <td>'
. "\n" . ' <select name="c_table_' . $i . '[name]">';
foreach ($selectboxall AS $key => $value) {
- echo "\n" . ' <option value="' . $value . '"';
+ echo "\n" . ' <option value="' . htmlspecialchars($value) . '"';
if ($value == $sh_page['table_name']) {
echo ' selected="selected"';
$tabExist[$_mtab] = TRUE;
}
- echo '>' . $value . '</option>';
+ echo '>' . htmlspecialchars($value) . '</option>';
} // end while
echo "\n" . ' </select>'
. "\n" . ' </td>';
@@ -459,7 +459,7 @@ function resetDrag() {
echo "\n" . ' <td>'
. "\n" . ' <select name="c_table_' . $i . '[name]">';
foreach ($selectboxall AS $key => $value) {
- echo "\n" . ' <option value="' . $value . '">' . $value . '</option>';
+ echo "\n" . ' <option value="' . htmlspecialchars($value) . '">' . htmlspecialchars($value) . '</option>';
}
echo "\n" . ' </select>'
. "\n" . ' </td>';
@@ -490,8 +490,8 @@ function resetDrag() {
if (!empty($tabExist) && is_array($tabExist)) {
foreach ($tabExist AS $key => $value) {
if (!$value) {
- $_strtrans .= '<input type="hidden" name="delrow[]" value="' . $key . '" />' . "\n";
- $_strname .= '<li>' . $key . '</li>' . "\n";
+ $_strtrans .= '<input type="hidden" name="delrow[]" value="' . htmlspecialchars($key) . '" />' . "\n";
+ $_strname .= '<li>' . htmlspecialchars($key) . '</li>' . "\n";
$shoot = TRUE;
}
}
17 phpmyadmin/pmd_pdf.php
@@ -23,26 +23,29 @@
$pmd_table = PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords']);
$pma_table = PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']);
+ $scale_q = PMA_sqlAddslashes($scale);
+ $pdf_page_number_q = PMA_sqlAddslashes($pdf_page_number);
if (isset($exp)) {
- $sql = "REPLACE INTO " . $pma_table . " (db_name, table_name, pdf_page_number, x, y) SELECT db_name, table_name, " . $pdf_page_number . ", ROUND(x/" . $scale . ") , ROUND(y/" . $scale . ") y FROM " . $pmd_table . " WHERE db_name = '" . $db . "'";
+ $sql = "REPLACE INTO " . $pma_table . " (db_name, table_name, pdf_page_number, x, y) SELECT db_name, table_name, " . $pdf_page_number_q . ", ROUND(x/" . $scale_q . ") , ROUND(y/" . $scale_q . ") y FROM " . $pmd_table . " WHERE db_name = '" . PMA_sqlAddslashes($db) . "'";
PMA_query_as_cu($sql,TRUE,PMA_DBI_QUERY_STORE);
}
if (isset($imp)) {
PMA_query_as_cu(
'UPDATE ' . $pma_table . ',' . $pmd_table .
- ' SET ' . $pmd_table . '.`x`= ' . $pma_table . '.`x` * '. $scale . ',
- ' . $pmd_table . '.`y`= ' . $pma_table . '.`y` * '.$scale.'
+ ' SET ' . $pmd_table . '.`x`= ' . $pma_table . '.`x` * '. $scale_q . ',
+ ' . $pmd_table . '.`y`= ' . $pma_table . '.`y` * '. $scale_q .'
WHERE
' . $pmd_table . '.`db_name`=' . $pma_table . '.`db_name`
AND
' . $pmd_table . '.`table_name` = ' . $pma_table . '.`table_name`
AND
- ' . $pmd_table . '.`db_name`=\''.$db.'\'
- AND pdf_page_number = '.$pdf_page_number.';',TRUE,PMA_DBI_QUERY_STORE); }
+ ' . $pmd_table . '.`db_name`=\''. PMA_sqlAddslashes($db) .'\'
+ AND pdf_page_number = ' . $pdf_page_number_q . ';', TRUE, PMA_DBI_QUERY_STORE);
+ }
die("<script>alert('$strModifications');history.go(-2);</script>");
}
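Review bot: $scale_q and $pdf_page_number_q are placed into both queries as bare numbers (ROUND(x/" . $scale_q . ") and pdf_page_number = ' . $pdf_page_number_q), and string escaping with PMA_sqlAddslashes() only protects values that sit inside quotes. In an unquoted numeric position no quote has to be closed to change the statement, so these two values should be cast or validated as numbers, for example intval() for the page number and a numeric check for the scale, instead of being slash-escaped. The PMA_sqlAddslashes($db) calls are appropriate because that value is wrapped in single quotes.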
@@ -76,11 +79,11 @@
<select name="pdf_page_number">
<?php
$table_info_result = PMA_query_as_cu('SELECT * FROM '.PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']).'
- WHERE db_name = \''.$db.'\'');
+ WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'');
while($page = PMA_DBI_fetch_assoc($table_info_result))
{
?>
- <option value="<?php echo $page['page_nr'] ?>"><?php echo $page['page_descr'] ?></option>
+ <option value="<?php echo $page['page_nr'] ?>"><?php echo htmlspecialchars($page['page_descr']) ?></option>
<?php
}
?>
187 phpmyadmin/scripts/setup.php
@@ -37,35 +37,32 @@
// Grab wanted CRLF type
if (isset($_POST['eoltype'])) {
- $eoltype = $_POST['eoltype'];
+ $_SESSION['eoltype'] = $_POST['eoltype'];
} else {
if (PMA_USR_OS == 'Win') {
- $eoltype = 'dos';
+ $_SESSION['eoltype'] = 'dos';
} else {
- $eoltype = 'unix';
+ $_SESSION['eoltype'] = 'unix';
}
}
// Detect which CRLF to use
-if ($eoltype == 'dos') {
+if ($_SESSION['eoltype'] == 'dos') {
$crlf = "\r\n";
-} elseif ($eoltype == 'mac') {
+} elseif ($_SESSION['eoltype'] == 'mac') {
$crlf = "\r";
} else {
$crlf = "\n";
}
-if (isset($_POST['configuration']) && $action != 'clear') {
- // Grab previous configuration, if it should not be cleared
- $configuration = unserialize($_POST['configuration']);
-} else {
- // Start with empty configuration
- $configuration = array();
+if (!isset($_SESSION['configuration']) || $action == 'clear') {
+ // Create empty configuration
+ $_SESSION['configuration'] = array();
}
// We rely on Servers array to exist, so create it here
-if (!isset($configuration['Servers']) || !is_array($configuration['Servers'])) {
- $configuration['Servers'] = array();
+if (!isset($_SESSION['configuration']['Servers']) || !is_array($_SESSION['configuration']['Servers'])) {
+ $_SESSION['configuration']['Servers'] = array();
}
// Used later
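Review bot: $_SESSION['eoltype'] is assigned the raw $_POST['eoltype'] value. The if/elseif that follows falls back to "\n" for anything unexpected, but the session keeps whatever string was posted. Restrict the value to 'dos', 'mac' or 'unix' before storing it, so that any later reader of $_SESSION['eoltype'] never sees an arbitrary string. A short comment noting that the configuration now lives in the session and is only reset when $action is 'clear' would also help.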
@@ -341,20 +338,6 @@ function message($type, $text, $title = '') {
}
/**
- * Creates hidden input required for keeping current configuraion
- *
- * @return string HTML with hidden inputs
- */
-function get_hidden_cfg() {
- global $configuration, $eoltype;
-
- $ret = '<input type="hidden" name="configuration" value="' . htmlspecialchars(serialize($configuration)) . '" />' . "\n";
- $ret .= '<input type="hidden" name="eoltype" value="' . htmlspecialchars($eoltype) . '" />' . "\n";
-
- return $ret;
-}
-
-/**
* Returns needed hidden input for forms.
*
* @return string HTML with hidden inputs
@@ -383,7 +366,6 @@ function get_action($name, $title, $added = '', $enabled = TRUE) {
$ret .= ' disabled="disabled"';
}
$ret .= ' />';
- $ret .= get_hidden_cfg();
$ret .= '</form>';
$ret .= "\n";
return $ret;
@@ -613,7 +595,7 @@ function compress_servers(&$cfg) {
* @param string list of values to grab, values are separated by ";",
* each can have defined type separated by ":", if no type
* is defined, string is assumed. Possible types: bool -
- * boolean value, serialized - serialized value, int -
+ * boolean value, allow-deny - allow-deny rules, int -
* integer, tristate - "TRUE"/"FALSE" converted to bool,
* other strings are kept.
*
@@ -632,9 +614,17 @@ function grab_values($list)
case 'bool':
$res[$v[0]] = isset($_POST[$v[0]]);
break;
- case 'serialized':
- if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
- $res[$v[0]] = unserialize($_POST[$v[0]]);
+ case 'allow-deny':
+ $res[$v[0]] = array();
+ if (isset($_POST[$v[0] . '_order']) && strlen($_POST[$v[0] . '_order']) > 0) {
+ $res[$v[0]]['order'] = $_POST[$v[0]];
+ } else {
+ $res[$v[0]]['order'] = '';
+ }
+ if (isset($_POST[$v[0] . '_rules']) && strlen($_POST[$v[0] . '_rules']) > 0) {
+ $res[$v[0]]['rules'] = split('|', $_POST[$v[0]]);
+ } else {
+ $res[$v[0]]['rules'] = array();
}
break;
case 'int':
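Review bot: The new 'allow-deny' case tests $_POST[$v[0] . '_order'] and $_POST[$v[0] . '_rules'] but then reads $_POST[$v[0]] in both assignments, so the order and the rules are never taken from the fields that were just checked. Read the suffixed keys in both places. In addition, split() treats its first argument as a regular expression, in which '|' is the alternation operator and not a literal bar; explode('|', ...) is the counterpart of the implode('|', ...) used when the form is rendered.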
@@ -819,7 +809,6 @@ function show_security_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="feat_security_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Blowfish secret', 'blowfish_secret', 'Secret passphrase used for encrypting cookies'),
array('Force SSL connection', 'ForceSSL', 'Whether to force using secured connection while using phpMyAdmin', FALSE),
@@ -850,7 +839,6 @@ function show_manual_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="feat_manual_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Type of MySQL documentation', 'MySQLManualType', 'These types are same as listed on MySQL download page', array('viewable', 'chapters', 'big', 'none')),
array('Base URL of MySQL documentation', 'MySQLManualBase', 'Where is MySQL documentation placed, this is usually top level directory.'),
@@ -877,7 +865,6 @@ function show_charset_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="feat_charset_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Allow charset conversion', 'AllowAnywhereRecoding', 'If you want to use such functions.', FALSE),
array('Default charset', 'DefaultCharset', 'Default charset for conversion.', $PMA_Config_Setup->get('AvailableCharsets')),
@@ -905,7 +892,6 @@ function show_extensions_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="feat_extensions_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('GD 2 is available', 'GD2Available', 'Whether you have GD 2 or newer installed', array('auto', 'yes', 'no')),
),
@@ -931,7 +917,6 @@ function show_relation_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="feat_relation_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Permanent query history', 'QueryHistoryDB', 'Store history into database.', FALSE),
array('Maximal history size', 'QueryHistoryMax', 'How many queries are kept in history.'),
@@ -959,7 +944,6 @@ function show_upload_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="feat_upload_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Upload directory', 'UploadDir', 'Directory on server where you can upload files for import'),
array('Save directory', 'SaveDir', 'Directory where exports can be saved on server'),
@@ -985,14 +969,21 @@ function show_server_form($defaults = array(), $number = FALSE) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="addserver_real" />
<?php
- echo get_hidden_cfg();
if (!($number === FALSE)) {
echo '<input type="hidden" name="server" value="' . $number . '" />';
}
- $hi = array ('bookmarktable', 'relation', 'table_info', 'table_coords', 'pdf_pages', 'column_info', 'designer_coords', 'history', 'AllowDeny');
+ $hi = array ('bookmarktable', 'relation', 'table_info', 'table_coords', 'pdf_pages', 'column_info', 'designer_coords', 'history');
foreach ($hi as $k) {
- if (isset($defaults[$k]) && (!is_string($defaults[$k]) || strlen($defaults[$k]) > 0)) {
- echo '<input type="hidden" name="' . $k . '" value="' . htmlspecialchars(serialize($defaults[$k])) . '" />';
+ if (isset($defaults[$k]) && is_string($defaults[$k]) && strlen($defaults[$k]) > 0) {
+ echo '<input type="hidden" name="' . $k . '" value="' . htmlspecialchars($defaults[$k]) . '" />';
+ }
+ }
+ if (isset($defaults['AllowDeny'])) {
+ if (isset($defaults['AllowDeny']['order']) && is_string($defaults['AllowDeny']['order']) && strlen($defaults['AllowDeny']['order']) > 0) {
+ echo '<input type="hidden" name="AllowDeny_rules" value="' . htmlspecialchars($defaults['AllowDeny']['order']) . '" />';
+ }
+ if (isset($defaults['AllowDeny']['rules']) && is_array($defaults['AllowDeny']['rules']) && count($defaults['AllowDeny']['rules']) > 0) {
+ echo '<input type="hidden" name="AllowDeny_rules" value="' . htmlspecialchars(implode('|', $defaults['AllowDeny']['rules'])) . '" />';
}
}
show_config_form(array(
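Review bot: The hidden input that carries $defaults['AllowDeny']['order'] is emitted with name="AllowDeny_rules", the same name as the rules input that follows it, so the order value is never submitted under the AllowDeny_order key that grab_values() checks. Rename the first input to AllowDeny_order. Separately, the context line that writes $number into value="..." does so without htmlspecialchars(); callers pass $_POST['server'] for this argument, so it should be escaped or cast to an integer.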
@@ -1035,7 +1026,6 @@ function show_left_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="lay_navigation_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Use light version', 'LeftFrameLight', 'Disable this if you want to see all databases at one time.', TRUE),
array('Display databases in tree', 'LeftFrameDBTree', 'Whether to display databases in tree (determined by separator defined lower)', TRUE),
@@ -1069,7 +1059,6 @@ function show_tabs_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="lay_tabs_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Default tab for server', 'DefaultTabServer', 'Tab that is displayed when entering server', array('main.php', 'server_databases.php', 'server_status.php', 'server_variables.php', 'server_privileges.php', 'server_processlist.php')),
array('Default tab for database', 'DefaultTabDatabase', 'Tab that is displayed when entering database', array('db_structure.php', 'db_sql.php', 'db_search.php', 'db_operations.php')),
@@ -1097,7 +1086,6 @@ function show_icons_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="lay_icons_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Icons on errors', 'ErrorIconic', 'Whether to use icons in error messages.', TRUE),
array('Icons on main page', 'MainPageIconic', 'Whether to use icons on main page.', TRUE),
@@ -1126,7 +1114,6 @@ function show_browse_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="lay_browse_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Display of values', 'DefaultDisplay', 'How to list values while browsing', array('horizontal', 'vertical', 'horizontalflipped')),
array('Hightlight pointer', 'BrowsePointerEnable', 'Whether to highlight row under mouse.', TRUE),
@@ -1156,7 +1143,6 @@ function show_edit_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="lay_edit_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Display of properties while editing', 'DefaultPropDisplay', 'How to list properties (table structure or values) while editing', array('horizontal', 'vertical')),
array('Number of inserted rows', 'InsertRows', 'How many rows can be inserted at once'),
@@ -1190,7 +1176,6 @@ function show_window_form($defaults = array()) {
<?php echo get_hidden_inputs();?>
<input type="hidden" name="action" value="lay_window_real" />
<?php
- echo get_hidden_cfg();
show_config_form(array(
array('Edit SQL in window', 'EditInWindow', 'Whether edit links will edit in query window.', TRUE),
array('Query window height', 'QueryWindowHeight', 'Height of query window'),
@@ -1284,12 +1269,12 @@ function load_config($config_file) {
header('Content-Type: text/plain');
header('Content-Disposition: attachment; filename="config.inc.php"');
- echo get_cfg_string($configuration);
+ echo get_cfg_string($_SESSION['configuration']);
exit;
break;
case 'display':
echo '<form method="none" action=""><textarea name="config" cols="50" rows="20" id="textconfig" wrap="off">' . "\n";
- echo htmlspecialchars(get_cfg_string($configuration));
+ echo htmlspecialchars(get_cfg_string($_SESSION['configuration']));
echo '</textarea></form>' . "\n";
?>
<script type="text/javascript">
@@ -1320,7 +1305,7 @@ function load_config($config_file) {
message('error', 'Could not open config file for writing! Bad permissions?');
break;
}
- $s = get_cfg_string($configuration);
+ $s = get_cfg_string($_SESSION['configuration']);
$r = fwrite($config, $s);
if (!$r || $r != strlen($s)) {
message('error', 'Could not write to config file! Not enough space?');
@@ -1338,14 +1323,14 @@ function load_config($config_file) {
}
$new_cfg = load_config('./config/config.inc.php');
if (!($new_cfg === FALSE)) {
- $configuration = $new_cfg;
+ $_SESSION['configuration'] = $new_cfg;
}
$show_info = TRUE;
break;
case 'addserver_real':
if (isset($_POST['submit_save'])) {
- $new_server = grab_values('host;extension;port;socket;connect_type;compress:bool;controluser;controlpass;auth_type;user;password;only_db;verbose;pmadb;bookmarktable:serialized;relation:serialized;table_info:serialized;table_coords:serialized;pdf_pages:serialized;column_info:serialized;designer_coords:serialized;history:serialized;AllowDeny:serialized;SignonSession;SignonURL;LogoutURL');
+ $new_server = grab_values('host;extension;port;socket;connect_type;compress:bool;controluser;controlpass;auth_type;user;password;only_db;verbose;pmadb;bookmarktable;relation;table_info;table_coords;pdf_pages;column_info;designer_coords;history;AllowDeny:allow-deny;SignonSession;SignonURL;LogoutURL');
$err = FALSE;
if (empty($new_server['host'])) {
message('error', 'Empty hostname!');
@@ -1423,16 +1408,16 @@ function load_config($config_file) {
show_server_form($new_server, isset($_POST['server']) ? $_POST['server'] : FALSE);
} else {
if (isset($_POST['server'])) {
- $configuration['Servers'][$_POST['server']] = $new_server;
+ $_SESSION['configuration']['Servers'][$_POST['server']] = $new_server;
message('notice', 'Changed server ' . get_server_name($new_server, $_POST['server']));
} else {
- $configuration['Servers'][] = $new_server;
+ $_SESSION['configuration']['Servers'][] = $new_server;
message('notice', 'New server added');
}
$show_info = TRUE;
- if ($new_server['auth_type'] == 'cookie' && empty($configuration['blowfish_secret'])) {
+ if ($new_server['auth_type'] == 'cookie' && empty($_SESSION['configuration']['blowfish_secret'])) {
message('notice', 'You did not have configured blowfish secret and you want to use cookie authentication so I generated blowfish secret for you. It is used to encrypt cookies.', 'Blowfish secret generated');
- $configuration['blowfish_secret'] = uniqid('', TRUE);
+ $_SESSION['configuration']['blowfish_secret'] = uniqid('', TRUE);
}
}
unset($new_server);
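Review bot: The blowfish secret used to encrypt cookies is still generated with uniqid('', TRUE) on the changed line, and uniqid() is derived from the current time, not from a cryptographically secure source. Since this line is being touched anyway, generate the secret from a secure random source where one is available. Also, $_POST['server'] is used directly as the index into $_SESSION['configuration']['Servers']; check that it refers to an existing integer key before writing to it.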
@@ -1441,7 +1426,7 @@ function load_config($config_file) {
}
break;
case 'addserver':
- if (count($configuration['Servers']) == 0) {
+ if (count($_SESSION['configuration']['Servers']) == 0) {
// First server will use defaults as in config.default.php
$defaults = $PMA_Config_Setup->default_server;
unset($defaults['AllowDeny']); // Ignore this for now
@@ -1474,22 +1459,22 @@ function load_config($config_file) {
if (!isset($_POST['server'])) {
footer();
}
- show_server_form($configuration['Servers'][$_POST['server']], $_POST['server']);
+ show_server_form($_SESSION['configuration']['Servers'][$_POST['server']], $_POST['server']);
break;
case 'deleteserver':
if (!isset($_POST['server'])) {
footer();
}
- message('notice', 'Deleted server ' . get_server_name($configuration['Servers'][$_POST['server']], $_POST['server']));
- unset($configuration['Servers'][$_POST['server']]);
- compress_servers($configuration);
+ message('notice', 'Deleted server ' . get_server_name($_SESSION['configuration']['Servers'][$_POST['server']], $_POST['server']));
+ unset($_SESSION['configuration']['Servers'][$_POST['server']]);
+ compress_servers($_SESSION['configuration']);
$show_info = TRUE;
break;
case 'servers':
- if (count($configuration['Servers']) == 0) {
+ if (count($_SESSION['configuration']['Servers']) == 0) {
message('notice', 'No servers defined, so none can be shown');
} else {
- foreach ($configuration['Servers'] as $i => $srv) {
+ foreach ($_SESSION['configuration']['Servers'] as $i => $srv) {
$data = array();
if (!empty($srv['verbose'])) {
$data[] = array('Verbose name', $srv['verbose']);
@@ -1521,7 +1506,7 @@ function load_config($config_file) {
if ($err) {
show_upload_form($dirs);
} else {
- $configuration = array_merge($configuration, $dirs);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $dirs);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1530,7 +1515,7 @@ function load_config($config_file) {
}
break;
case 'feat_upload':
- show_upload_form($configuration);
+ show_upload_form($_SESSION['configuration']);
break;
case 'feat_security_real':
@@ -1550,7 +1535,7 @@ function load_config($config_file) {
if ($err) {
show_security_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1559,7 +1544,7 @@ function load_config($config_file) {
}
break;
case 'feat_security':
- show_security_form($configuration);
+ show_security_form($_SESSION['configuration']);
break;
case 'feat_manual_real':
@@ -1573,7 +1558,7 @@ function load_config($config_file) {
if ($err) {
show_manual_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1582,7 +1567,7 @@ function load_config($config_file) {
}
break;
case 'feat_manual':
- show_manual_form($configuration);
+ show_manual_form($_SESSION['configuration']);
break;
case 'feat_charset_real':
@@ -1592,7 +1577,7 @@ function load_config($config_file) {
if ($err) {
show_charset_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1601,7 +1586,7 @@ function load_config($config_file) {
}
break;
case 'feat_charset':
- $d = $configuration;
+ $d = $_SESSION['configuration'];
if (!isset($d['RecodingEngine'])) {
if (@extension_loaded('iconv')) {
$d['RecodingEngine'] = 'iconv';
@@ -1635,7 +1620,7 @@ function load_config($config_file) {
if ($err) {
show_extensions_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1644,7 +1629,7 @@ function load_config($config_file) {
}
break;
case 'feat_extensions':
- $d = $configuration;
+ $d = $_SESSION['configuration'];
if (!@extension_loaded('mbstring')) {
PMA_dl('mbstring');
}
@@ -1675,7 +1660,7 @@ function load_config($config_file) {
if ($err) {
show_relation_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1684,7 +1669,7 @@ function load_config($config_file) {
}
break;
case 'feat_relation':
- show_relation_form($configuration);
+ show_relation_form($_SESSION['configuration']);
break;
case 'lay_navigation_real':
@@ -1705,7 +1690,7 @@ function load_config($config_file) {
if ($err) {
show_left_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1714,7 +1699,7 @@ function load_config($config_file) {
}
break;
case 'lay_navigation':
- show_left_form($configuration);
+ show_left_form($_SESSION['configuration']);
break;
case 'lay_tabs_real':
@@ -1724,7 +1709,7 @@ function load_config($config_file) {
if ($err) {
show_tabs_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1733,7 +1718,7 @@ function load_config($config_file) {
}
break;
case 'lay_tabs':
- show_tabs_form($configuration);
+ show_tabs_form($_SESSION['configuration']);
break;
case 'lay_icons_real':
@@ -1743,7 +1728,7 @@ function load_config($config_file) {
if ($err) {
show_icons_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1752,7 +1737,7 @@ function load_config($config_file) {
}
break;
case 'lay_icons':
- show_icons_form($configuration);
+ show_icons_form($_SESSION['configuration']);
break;
case 'lay_browse_real':
@@ -1770,7 +1755,7 @@ function load_config($config_file) {
if ($err) {
show_browse_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1779,7 +1764,7 @@ function load_config($config_file) {
}
break;
case 'lay_browse':
- show_browse_form($configuration);
+ show_browse_form($_SESSION['configuration']);
break;
case 'lay_edit_real':
@@ -1809,7 +1794,7 @@ function load_config($config_file) {
if ($err) {
show_edit_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1818,7 +1803,7 @@ function load_config($config_file) {
}
break;
case 'lay_edit':
- show_edit_form($configuration);
+ show_edit_form($_SESSION['configuration']);
break;
case 'lay_window_real':
@@ -1836,7 +1821,7 @@ function load_config($config_file) {
if ($err) {
show_window_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1845,7 +1830,7 @@ function load_config($config_file) {
}
break;
case 'lay_window':
- show_window_form($configuration);
+ show_window_form($_SESSION['configuration']);
break;
/* Template for new actions:
@@ -1860,7 +1845,7 @@ function load_config($config_file) {
if ($err) {
show_blah_form($vals);
} else {
- $configuration = array_merge($configuration, $vals);
+ $_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
message('notice', 'Configuration changed');
$show_info = TRUE;
}
@@ -1869,7 +1854,7 @@ function load_config($config_file) {
}
break;
case 'blah':
- show_blah_form($configuration);
+ show_blah_form($_SESSION['configuration']);
break;
*/
case 'versioncheck': // Check for latest available version
@@ -1931,7 +1916,7 @@ function load_config($config_file) {
break;
case 'seteol':
- $eoltype = $_POST['neweol'];
+ $_SESSION['eoltype'] = $_POST['neweol'];
message('notice', 'End of line format changed.');
case 'clear': // Actual clearing is done on beginning of this script
case 'main':
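Review bot: In the 'seteol' case, $_POST['neweol'] is copied into $_SESSION['eoltype'] without checking it against the values the form offers. Since the value now persists for the whole session instead of one request, restrict it to 'unix', 'dos' or 'mac' with in_array() and keep the previous setting (or show an error) for anything else. A short comment noting that the fall-through into 'clear' and 'main' is intentional would help the next reader too, as there is no break after message().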
@@ -1967,14 +1952,14 @@ function load_config($config_file) {
if ($show_info) {
$servers = 'none';
$servers_text = 'Servers';
- if (count($configuration['Servers']) == 0) {
+ if (count($_SESSION['configuration']['Servers']) == 0) {
message('warning', 'No servers defined, you probably want to add one.');
} else {
$servers = '';
- $servers_text = 'Servers (' . count($configuration['Servers']) . ')';
+ $servers_text = 'Servers (' . count($_SESSION['configuration']['Servers']) . ')';
$sep = '';
- foreach ($configuration['Servers'] as $key => $val) {
+ foreach ($_SESSION['configuration']['Servers'] as $key => $val) {
$servers .= $sep;
$sep = ', ';
$servers .= get_server_name($val, $key);
@@ -1984,9 +1969,9 @@ function load_config($config_file) {
show_overview('Current configuration overview',
array(
array($servers_text, $servers),
- array('SQL files upload', empty($configuration['UploadDir']) ? 'disabled' : 'enabled'),
- array('Exported files on server', empty($configuration['SaveDir']) ? 'disabled' : 'enabled'),
- array('Charset conversion', isset($configuration['AllowAnywhereRecoding']) && $configuration['AllowAnywhereRecoding'] ? 'enabled' : 'disabled'),
+ array('SQL files upload', empty($_SESSION['configuration']['UploadDir']) ? 'disabled' : 'enabled'),
+ array('Exported files on server', empty($_SESSION['configuration']['SaveDir']) ? 'disabled' : 'enabled'),
+ array('Charset conversion', isset($_SESSION['configuration']['AllowAnywhereRecoding']) && $_SESSION['configuration']['AllowAnywhereRecoding'] ? 'enabled' : 'disabled'),
));
unset($servers_text, $servers);
}
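Review bot: Style point on the three array(...) rows passed to show_overview(): the repeated $_SESSION['configuration'][...] lookups make these lines very long, and the 'Charset conversion' row in particular is hard to read. Assigning $cfg = $_SESSION['configuration'] just before the show_overview() call and indexing $cfg in the rows would keep the behaviour and shorten each line.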
@@ -1996,7 +1981,7 @@ function load_config($config_file) {
echo '<fieldset class="toolbar"><legend>Servers</legend>' . "\n";
echo get_action('addserver', 'Add');
-$servers = get_server_selection($configuration);
+$servers = get_server_selection($_SESSION['configuration']);
if (!empty($servers)) {
echo get_action('servers', 'List');
echo get_action('deleteserver', 'Delete', $servers);
@@ -2031,9 +2016,9 @@ function load_config($config_file) {
echo get_action('clear', 'Clear');
echo get_action('seteol', 'Change end of line',
'<select name="neweol">' .
- '<option value="unix" ' . ($eoltype == 'unix' ? ' selected="selected"' : '') . '>UNIX/Linux (\\n)</option>' .
- '<option value="dos" ' . ($eoltype == 'dos' ? ' selected="selected"' : '') . '>DOS/Windows (\\r\\n)</option>' .
- '<option value="mac" ' . ($eoltype == 'mac' ? ' selected="selected"' : '') . '>Macintosh (\\r)</option>' . '
+ '<option value="unix" ' . ($_SESSION['eoltype'] == 'unix' ? ' selected="selected"' : '') . '>UNIX/Linux (\\n)</option>' .
+ '<option value="dos" ' . ($_SESSION['eoltype'] == 'dos' ? ' selected="selected"' : '') . '>DOS/Windows (\\r\\n)</option>' .
+ '<option value="mac" ' . ($_SESSION['eoltype'] == 'mac' ? ' selected="selected"' : '') . '>Macintosh (\\r)</option>' . '
</select>');
echo '</fieldset>' . "\n\n";
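Review bot: The three option lines read $_SESSION['eoltype'] directly. If that key has not been set by the time the toolbar is rendered, each comparison raises an undefined-index notice and no option is marked selected. Make sure a default is stored when the session is created, or read the value into a local variable with a fallback before building the select element.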
View
4 phpmyadmin/translators.html
@@ -8,7 +8,7 @@
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <title>phpMyAdmin 2.11.9.5 - Official translators</title>
+ <title>phpMyAdmin 2.11.10 - Official translators</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -31,7 +31,7 @@
<li><a href="Documentation.html#glossary">Glossary</a></li>
</ul>
-<h1>phpMyAdmin 2.11.9.5 official translators list</h1>
+<h1>phpMyAdmin 2.11.10 official translators list</h1>
<p> Here is the list of the &quot;official translators&quot; of
phpMyAdmin.</p>
