

Merge branch 'QA_4_6' into QA_4_6-security
nijel committed Oct 4, 2016
2 parents a7a5413 + a7786dd commit 6995152
Showing 88 changed files with 805 additions and 363 deletions.
11 changes: 11 additions & 0 deletions ChangeLog
Expand Up @@ -47,6 +47,17 @@ phpMyAdmin - ChangeLog
- issue #12511 Clarify documentation on ArbitraryServerRegexp
- issue #12508 Remove duplicate code in SQL escaping
- issue #12475 Cleanup code for getting table information
- issue #12579 phpMyAdmin's export of a Select statment without a FROM clause generates Wrong SQL
- issue #12316 Correct export of complex SELECT statements
- issue #12080 Fixed parsing of subselect queries
- issue #11740 Fixed handling DELETE ... USING queries
- issue #12100 Fixed handling of CASE operator
- issue #12455 Query history stores separate entry for every letter typed
- issue #12327 Create PHP code no longer works
- issue #12179 Fixed bookmarking of query with multiple statements
- issue #12419 Wrong description on GRANT OPTION
- issue #12615 Fixed regexp for matching browser versions
- issue #12569 Avoid showing import errors twice

4.6.4 (2016-08-16)
- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
2 changes: 1 addition & 1 deletion doc/config.rst
Expand Up @@ -1558,7 +1558,7 @@ Cookie authentication options
$cfg['ArbitraryServerRegexp'] = '/^(server|another|yetdifferent)$/';
// Allow connection to range of IP addresses:
$cfg['ArbitraryServerRegexp'] = '@^192.168.0.[0-9]{1,}$@';
$cfg['ArbitraryServerRegexp'] = '@^192\.168\.0\.[0-9]{1,}$@';
// Allow connection to server name ending with -mysql:
$cfg['ArbitraryServerRegexp'] = '@^[^:]\-mysql$@';
20 changes: 18 additions & 2 deletions import.php
Expand Up @@ -199,7 +199,10 @@
$_SESSION['Import_message']['message'] = $message->getDisplay();
$_SESSION['Import_message']['go_back_url'] = $GLOBALS['goto'];

$message->display();
$response = PMA\libraries\Response::getInstance();
$response->setRequestStatus(false);
$response->addJSON('message', $message);

exit; // the footer is displayed automatically
}

Expand Down Expand Up @@ -785,6 +788,7 @@
}

$html_output = '';

foreach ($sql_queries as $sql_query) {

// parse sql query
Expand Down Expand Up @@ -820,7 +824,7 @@
$db, // db
$table, // table
null, // find_real_end
$_REQUEST['sql_query'], // sql_query_for_bookmark
null, // sql_query_for_bookmark - see below
null, // extra_data
null, // message_to_show
null, // message
Expand All @@ -836,6 +840,18 @@
);
}

// sql_query_for_bookmark is not included in PMA_executeQueryAndGetQueryResponse
// since only one bookmark has to be added for all the queries submitted through
// the SQL tab
if (! empty($_POST['bkm_label']) && ! empty($import_text)) {
$cfgBookmark = PMA_Bookmark_getParams();
PMA_storeTheQueryAsBookmark(
$db, $cfgBookmark['user'],
$_REQUEST['sql_query'], $_POST['bkm_label'],
isset($_POST['bkm_replace']) ? $_POST['bkm_replace'] : null
);
}

$response = PMA\libraries\Response::getInstance();
$response->addJSON('ajax_reload', $ajax_reload);
$response->addHTML($html_output);
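Review bot: The new bookmark block guards on `$_POST['bkm_label']` and `$import_text` but then stores `$_REQUEST['sql_query']`, so the text that is checked and the text that is saved come from different sources; depending on request_order, `$_REQUEST` can also be satisfied by a GET or cookie value rather than the posted form. If `$import_text` holds the query that was actually executed, passing it (or `$_POST['sql_query']`) to `PMA_storeTheQueryAsBookmark` keeps the guard and the stored value consistent. The comment above the block should also name which request field the saved text is taken from. The surrounding code of import.php continues outside the hunk.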
1 change: 1 addition & 0 deletions js/codemirror/addon/lint/sql-lint.js
Expand Up @@ -33,6 +33,7 @@ CodeMirror.sqlLint = function(text, updateLinting, options, cm) {
token: PMA_commonParams.get('token'),
server: PMA_commonParams.get('server'),
options: options.lintOptions,
no_history: true,
},
success: handleResponse
});
10 changes: 5 additions & 5 deletions libraries/Config.php
Expand Up @@ -193,20 +193,20 @@ public function checkClient()
// (must check everything else before Mozilla)

$is_mozilla = preg_match(
'@Mozilla/([0-9].[0-9]{1,2})@',
'@Mozilla/([0-9]\.[0-9]{1,2})@',
$HTTP_USER_AGENT,
$mozilla_version
);

if (preg_match(
'@Opera(/| )([0-9].[0-9]{1,2})@',
'@Opera(/| )([0-9]\.[0-9]{1,2})@',
$HTTP_USER_AGENT,
$log_version
)) {
$this->set('PMA_USR_BROWSER_VER', $log_version[2]);
$this->set('PMA_USR_BROWSER_AGENT', 'OPERA');
} elseif (preg_match(
'@(MS)?IE ([0-9]{1,2}.[0-9]{1,2})@',
'@(MS)?IE ([0-9]{1,2}\.[0-9]{1,2})@',
$HTTP_USER_AGENT,
$log_version
)) {
Expand All @@ -220,7 +220,7 @@ public function checkClient()
$this->set('PMA_USR_BROWSER_VER', intval($log_version[1]) + 4);
$this->set('PMA_USR_BROWSER_AGENT', 'IE');
} elseif (preg_match(
'@OmniWeb/([0-9].[0-9]{1,2})@',
'@OmniWeb/([0-9]{1,3})@',
$HTTP_USER_AGENT,
$log_version
)) {
Expand Down Expand Up @@ -265,7 +265,7 @@ public function checkClient()
'PMA_USR_BROWSER_VER', $log_version[1]
);
$this->set('PMA_USR_BROWSER_AGENT', 'FIREFOX');
} elseif (preg_match('@rv:1.9(.*)Gecko@', $HTTP_USER_AGENT)) {
} elseif (preg_match('@rv:1\.9(.*)Gecko@', $HTTP_USER_AGENT)) {
$this->set('PMA_USR_BROWSER_VER', '1.9');
$this->set('PMA_USR_BROWSER_AGENT', 'GECKO');
} elseif ($is_mozilla) {
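Review bot: The OmniWeb pattern `'@OmniWeb/([0-9]{1,3})@'` is the one change in these hunks that is not just dot-escaping: it now captures an integer build number instead of a `major.minor` string, so the `PMA_USR_BROWSER_VER` value set for the OMNIWEB agent changes format, and any later comparison of that value (outside the hunk) should be checked against the new shape. A one-line comment above the `$is_mozilla = preg_match(` call, `// dots are escaped on purpose: an unescaped '.' matched any character and mis-parsed versions`, would explain why these patterns were changed and keep the next edit from reverting them. checkClient() starts and ends outside the hunks.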
14 changes: 11 additions & 3 deletions libraries/Util.php
Expand Up @@ -1164,6 +1164,8 @@ public static function getMessage(

if (! empty($GLOBALS['show_as_php'])) {
$query_base = '$sql = \'' . $query_base;
$query_base = '<code class="php"><pre>' . "\n"
. $query_base;
} elseif (isset($query_base)) {
$query_base = self::formatSql($query_base);
}
Expand Down Expand Up @@ -1234,7 +1236,9 @@ public static function getMessage(

// even if the query is big and was truncated, offer the chance
// to edit it (unless it's enormous, see linkOrButton() )
if (! empty($cfg['SQLQuery']['Edit'])) {
if (! empty($cfg['SQLQuery']['Edit'])
&& empty($GLOBALS['show_as_php'])
) {
$edit_link .= PMA_URL_getCommon($url_params) . '#querybox';
$edit_link = ' ['
. self::linkOrButton($edit_link, __('Edit'))
Expand Down Expand Up @@ -1307,7 +1311,8 @@ public static function getMessage(

//Clean up the end of the PHP
if (! empty($GLOBALS['show_as_php'])) {
$retval .= '\';';
$retval .= '\';' . "\n"
. '</pre></code>';
}
$retval .= '</div>';

Expand All @@ -1333,7 +1338,10 @@ public static function getMessage(
/**
* TODO: Should we have $cfg['SQLQuery']['InlineEdit']?
*/
if (! empty($cfg['SQLQuery']['Edit']) && ! $query_too_big) {
if (! empty($cfg['SQLQuery']['Edit'])
&& ! $query_too_big
&& empty($GLOBALS['show_as_php'])
) {
$inline_edit_link = ' ['
. self::linkOrButton(
'#',
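Review bot: The added `'<code class="php"><pre>'` nests `<pre>` inside `<code>`, which is invalid HTML (pre is block-level, code is phrasing content); the conventional nesting is `<pre><code class="php">`, with the closing in the later hunk changed to `'</code></pre>'` to match. In this branch the query text becomes the body of that element after `'$sql = \''` is prepended, whereas the other branch goes through `self::formatSql()`; confirm that `$query_base` is HTML-escaped before it reaches the `show_as_php` branch, since that is not visible in the hunk. getMessage() starts and ends outside the hunks.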
37 changes: 25 additions & 12 deletions libraries/server_privileges.lib.php
Expand Up @@ -1032,8 +1032,8 @@ function PMA_getTriggerPrivilegeTable()
'Grant',
'GRANT',
__(
'Allows adding users and privileges '
. 'without reloading the privilege tables.'
'Allows user to give to other users or remove from other users '
. 'privileges that user possess on this routine.'
)
),
array(
Expand Down Expand Up @@ -1402,16 +1402,16 @@ function PMA_getStructurePrivilegeTable($table, $row)
*/
function PMA_getAdministrationPrivilegeTable($db)
{
$adminPrivTable = array(
array('Grant',
'GRANT',
__(
'Allows adding users and privileges '
. 'without reloading the privilege tables.'
)
),
);
if ($db == '*') {
$adminPrivTable = array(
array('Grant',
'GRANT',
__(
'Allows adding users and privileges '
. 'without reloading the privilege tables.'
)
),
);
$adminPrivTable[] = array('Super',
'SUPER',
__(
Expand All @@ -1438,6 +1438,17 @@ function PMA_getAdministrationPrivilegeTable($db)
__('Gives access to the complete list of databases.')
);
}
else {
$adminPrivTable = array(
array('Grant',
'GRANT',
__(
'Allows user to give to other users or remove from other'
. ' users the privileges that user possess yourself.'
)
),
);
}
$adminPrivTable[] = array('Lock_tables',
'LOCK TABLES',
__('Allows locking tables for the current thread.')
Expand Down Expand Up @@ -5153,7 +5164,9 @@ function PMA_addUserAndCreateDatabase($_error, $real_sql_query, $sql_query,
// Grant all privileges on wildcard name (username\_%)
$q = 'GRANT ALL PRIVILEGES ON '
. Util::backquote(
Util::sqlAddSlashes($username) . '\_%'
Util::escapeMysqlWildcards(
Util::sqlAddSlashes($username)
) . '\_%'
) . '.* TO \''
. Util::sqlAddSlashes($username)
. '\'@\'' . Util::sqlAddSlashes($hostname) . '\';';
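Review bot: The new `Util::escapeMysqlWildcards(Util::sqlAddSlashes($username))` on the GRANT line depends on the order of the two calls — the backslash that escapeMysqlWildcards inserts before `_` and `%` must not itself be doubled afterwards — but nothing in the hunk says so; add `// wildcard-escape after sqlAddSlashes so the inserted backslash is not escaped again` above `$q = 'GRANT ALL PRIVILEGES ON '`. Separately, this value is placed inside `Util::backquote(...)`, where the escaping that matters is that of an identifier (backtick doubling) rather than string-literal slashes; if backquote() already doubles backticks, the sqlAddSlashes call on this identifier is worth confirming, since a username containing `'` or `\` would then carry a literal backslash into the database pattern. PMA_addUserAndCreateDatabase continues outside the hunk.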
3 changes: 1 addition & 2 deletions libraries/sql-parser/src/Component.php
Expand Up @@ -20,8 +20,7 @@
*
* @category Components
* @package SqlParser
* @author Dan Ungureanu <udan1107@gmail.com>
* @license http://opensource.org/licenses/GPL-2.0 GNU Public License
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
abstract class Component
{
3 changes: 1 addition & 2 deletions libraries/sql-parser/src/Components/AlterOperation.php
Expand Up @@ -19,8 +19,7 @@
* @category Components
* @package SqlParser
* @subpackage Components
* @author Dan Ungureanu <udan1107@gmail.com>
* @license http://opensource.org/licenses/GPL-2.0 GNU Public License
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
class AlterOperation extends Component
{
3 changes: 1 addition & 2 deletions libraries/sql-parser/src/Components/Array2d.php
Expand Up @@ -19,8 +19,7 @@
* @category Keywords
* @package SqlParser
* @subpackage Components
* @author Dan Ungureanu <udan1107@gmail.com>
* @license http://opensource.org/licenses/GPL-2.0 GNU Public License
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
class Array2d extends Component
{
3 changes: 1 addition & 2 deletions libraries/sql-parser/src/Components/ArrayObj.php
Expand Up @@ -19,8 +19,7 @@
* @category Components
* @package SqlParser
* @subpackage Components
* @author Dan Ungureanu <udan1107@gmail.com>
* @license http://opensource.org/licenses/GPL-2.0 GNU Public License
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
class ArrayObj extends Component
{

