diff --git a/ChangeLog b/ChangeLog
index 4372f0e23031..28f5fe7a3acf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
phpMyAdmin - ChangeLog
======================
+4.3.13.1 (Not yet released)
+- bug #4899 [security] CSRF vulnerability in setup
+
4.3.13.0 (2015-03-29)
- bug #4803 "Show hidden items" is sometimes hidden
- bug #4807 Breaks when sorting by multiple columns while using UNION
diff --git a/libraries/url_generating.lib.php b/libraries/url_generating.lib.php
index 0641f5aa334f..fec864eba91e 100644
--- a/libraries/url_generating.lib.php
+++ b/libraries/url_generating.lib.php
@@ -179,6 +179,7 @@ function PMA_URL_getCommon($params = array(), $encode = 'html', $divider = '?')
if (isset($GLOBALS['server'])
&& $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault']
&& ! isset($params['server'])
+ && ! defined('PMA_SETUP')
) {
$params['server'] = $GLOBALS['server'];
}
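Review bot: The new `! defined('PMA_SETUP')` condition has no comment, so a later reader cannot tell why URLs generated inside the setup script must omit the `server` parameter, and the condition looks like a stray special case next to the `ServerDefault` comparison. Suggest a why-comment directly above it, e.g. `// the setup script has no active server, so never append server= to its URLs`; the exact reason is inferred, since the setup bootstrap is not in this diff. PMA_URL_getCommon's body starts before and ends after this hunk.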
diff --git a/setup/frames/form.inc.php b/setup/frames/form.inc.php
index 2fb2cda0f447..4e25bfe1d2c3 100644
--- a/setup/frames/form.inc.php
+++ b/setup/frames/form.inc.php
@@ -19,8 +19,8 @@
require './libraries/config/setup.forms.php';
-$formset_id = filter_input(INPUT_GET, 'formset');
-$mode = filter_input(INPUT_GET, 'mode');
+$formset_id = isset($_GET['formset']) ? $_GET['formset'] : null;
+$mode = isset($_GET['mode']) ? $_GET['mode'] : null;
if (! isset($forms[$formset_id])) {
PMA_fatalError(__('Incorrect formset, check $formsets array in setup/frames/form.inc.php!'));
}
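Review bot: The switch from `filter_input()` to `$_GET` on both changed lines is the security-relevant part of this hunk and deserves a comment, because a later cleanup is likely to "modernise" it back to the filter API. `filter_input()` reads the original request and ignores anything removed from `$_GET` afterwards, so if the setup bootstrap strips request variables when the CSRF token is missing (presumably what this fix relies on; that code is not in the diff) only the superglobal reflects the check. Suggest `// read $_GET rather than filter_input(): only the superglobal reflects variables stripped by the token check` above the two assignments.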
diff --git a/setup/frames/index.inc.php b/setup/frames/index.inc.php
index c291c3c3275d..2c341ec2c99a 100644
--- a/setup/frames/index.inc.php
+++ b/setup/frames/index.inc.php
@@ -174,12 +174,12 @@
echo '
' . htmlspecialchars($cf->getServerDSN($id)) . ' | ';
echo '';
echo '';
- echo ''
+ echo ''
. __('Edit') . '';
echo ' | ';
- echo ''
+ echo ''
. __('Delete') . '';
echo '';
echo ' | ';
@@ -308,7 +308,6 @@
echo '' . __('phpMyAdmin homepage') . '';
echo ''
. __('Donate') . '';
-echo ''
+echo ''
. __('Check for latest version') . '';
echo '';
diff --git a/setup/frames/menu.inc.php b/setup/frames/menu.inc.php
index d82dce07f261..a78c84d689fe 100644
--- a/setup/frames/menu.inc.php
+++ b/setup/frames/menu.inc.php
@@ -10,11 +10,11 @@
exit;
}
-$formset_id = filter_input(INPUT_GET, 'formset');
+$formset_id = isset($_GET['formset']) ? $_GET['formset'] : null;
$separator = PMA_URL_getArgSeparator('html');
echo '';
-echo '- ' . __('Overview') . '
';
@@ -28,7 +28,8 @@
);
foreach ($formsets as $formset => $label) {
- echo '- ' . $label . '
';
}
diff --git a/setup/frames/servers.inc.php b/setup/frames/servers.inc.php
index 87c5cee1d7fe..859a784816f0 100644
--- a/setup/frames/servers.inc.php
+++ b/setup/frames/servers.inc.php
@@ -19,8 +19,8 @@
require './libraries/config/setup.forms.php';
-$mode = filter_input(INPUT_GET, 'mode');
-$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
+$mode = isset($_GET['mode']) ? $_GET['mode'] : null;
+$id = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
$cf = $GLOBALS['ConfigFile'];
$server_exists = !empty($id) && $cf->get("Servers/$id") !== null;
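Review bot: `$_GET['id']` is dereferenced before any `isset()`, so a request without an id (adding a new server, presumably `mode=add`) now raises an undefined-index notice unless `PMA_isValid()` takes its argument by reference; that signature is outside this diff, so confirm it. The replacement also loosens validation: `FILTER_VALIDATE_INT` rejected `1.5`, `1e3` and padded values and returned an int, whereas a `numeric` check accepts them and leaves `$id` a string that is interpolated straight into the `Servers/$id` config path on the next line. `$id = isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']) ? (int) $_GET['id'] : null;` restores both the guard and the integer type.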
diff --git a/setup/index.php b/setup/index.php
index f6fa6215b1c9..dd9fb23e73d7 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -12,7 +12,7 @@
*/
require './lib/common.inc.php';
-$page = filter_input(INPUT_GET, 'page');
+$page = isset($_GET['page']) ? $_GET['page'] : null;
$page = preg_replace('/[^a-z]/', '', $page);
if ($page === '') {
$page = 'index';
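Review bot: An array value such as `?page[]=x` now gets past the sanitiser: `filter_input()` returned false for a non-scalar, which `preg_replace()` folded to `''`, but `$_GET['page']` hands the array to `preg_replace()`, which returns an array, so the `=== ''` fallback no longer fires and `$page` reaches whatever consumes it below the hunk (presumably a frame include, not visible here). Guard the type at the read: `$page = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : '';`.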
@@ -23,7 +23,7 @@
}
// Handle done action info
-$action_done = filter_input(INPUT_GET, 'action_done');
+$action_done = isset($_GET['action_done']) ? $_GET['action_done'] : null;
$action_done = preg_replace('/[^a-z_]/', '', $action_done);
PMA_noCacheHeader();
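Review bot: Same gap as the `page` read: an array `action_done` makes `preg_replace()` on the following line return an array rather than a string, a case `filter_input()` used to reduce to false. `$action_done = isset($_GET['action_done']) && is_string($_GET['action_done']) ? $_GET['action_done'] : '';` keeps the value scalar; where `$action_done` is consumed is outside the hunk.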
diff --git a/setup/lib/form_processing.lib.php b/setup/lib/form_processing.lib.php
index 5d762e76c5d9..db80e44ec5c4 100644
--- a/setup/lib/form_processing.lib.php
+++ b/setup/lib/form_processing.lib.php
@@ -15,7 +15,7 @@
*/
function PMA_Process_formset(FormDisplay $form_display)
{
- if (filter_input(INPUT_GET, 'mode') == 'revert') {
+ if (isset($_GET['mode']) && $_GET['mode'] == 'revert') {
// revert erroneous fields to their default values
$form_display->fixErrors();
PMA_generateHeader303();
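Review bot: The new condition compares with `==`; since the intent is an exact match against the literal `revert`, `isset($_GET['mode']) && $_GET['mode'] === 'revert'` states that directly and avoids PHP's loose string/number comparison rules. PMA_Process_formset continues past the end of this hunk.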
@@ -35,10 +35,10 @@ function PMA_Process_formset(FormDisplay $form_display)
// form has errors, show warning
$separator = PMA_URL_getArgSeparator('html');
- $page = filter_input(INPUT_GET, 'page');
- $formset = filter_input(INPUT_GET, 'formset');
+ $page = isset($_GET['page']) ? $_GET['page'] : null;
+ $formset = isset($_GET['formset']) ? $_GET['formset'] : null;
$formset = $formset ? "{$separator}formset=$formset" : '';
- $formId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
+ $formId = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
if ($formId === null && $page == 'servers') {
// we've just added a new server, get its id
$formId = $form_display->getConfigFile()->getServerCount();
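Review bot: `$formset` is taken raw from `$_GET` and interpolated into the URL fragment `formset=$formset` built with an HTML-context separator, so the code that renders that fragment must escape it; the rendering lines are cut off below this hunk, so either confirm the escaping there or encode at the source: `$formset = $formset ? "{$separator}formset=" . htmlspecialchars(urlencode($formset)) : '';`. The `$formId` line has the same unguarded `$_GET['id']` read and `numeric` loosening as servers.inc.php; `$formId = isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']) ? (int) $_GET['id'] : null;` keeps the `=== null` check on the next line meaningful and restores the integer type `FILTER_VALIDATE_INT` returned.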
@@ -48,15 +48,18 @@ function PMA_Process_formset(FormDisplay $form_display)
displayErrors() ?>
-
+
+
-