From 82161a6c30a9ac2502d822e29cfb66beae7eeb4c Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Wed, 4 Dec 2013 12:36:40 -0500 Subject: [PATCH 01/29] 4.0.10 release Signed-off-by: Marc Delisle --- ChangeLog | 2 +- README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index e02e51740e12..61348e792a2e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.0 (not yet released) +4.0.10.0 (2013-12-04) - bug #4150 Clicking database name in query window opens a new tab - bug #4141 Wrong page is shown after editing; also, do not show a modal dialog for multi-row edit diff --git a/README b/README index aaaffd3d930f..daaf74746b23 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10-dev +Version 4.0.10 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index f0aaf7b15dec..3eaf6f7f6776 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10-dev' +version = '4.0.10' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index ed31712f4351..1332311802a9 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10-dev'); + $this->set('PMA_VERSION', '4.0.10'); /** * @deprecated */ From 1b5592435617fa1b9dd68e2dc263de64c69fdc8a Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Thu, 17 Jul 2014 16:29:40 -0400 Subject: [PATCH 02/29] bug #4488 [security] XSS injection due to unescaped table name (triggers) Signed-off-by: Marc Delisle --- ChangeLog | 3 +++ libraries/rte/rte_list.lib.php | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61348e792a2e..df7d39be2c6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.1 (2014-07-17) +- bug #4488 [security] XSS injection due to unescaped table name (triggers) + 4.0.10.0 (2013-12-04) - bug #4150 Clicking database name in query window opens a new tab - bug #4141 Wrong page is shown after editing; also, do not show a modal diff --git a/libraries/rte/rte_list.lib.php b/libraries/rte/rte_list.lib.php index d531cd86fbe0..0a10a1ce03d4 100644 --- a/libraries/rte/rte_list.lib.php +++ b/libraries/rte/rte_list.lib.php @@ -248,9 +248,9 @@ function PMA_TRI_getRowForList($trigger, $rowclass = '') $retval .= " \n"; if (empty($table)) { $retval .= " \n"; - $retval .= " " - . $trigger['table'] . "\n"; + $retval .= "" + . urlencode($trigger['table']) . ""; $retval .= " \n"; } $retval .= " \n"; From a92753bd65e1f8b72c46ed3dda6c362628e0daf7 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Thu, 17 Jul 2014 17:06:00 -0400 Subject: [PATCH 03/29] bug #4492 [security] XSS in AJAX confirmation messages Signed-off-by: Marc Delisle --- ChangeLog | 1 + js/functions.js | 4 ++-- js/tbl_structure.js | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index df7d39be2c6e..aea3acd1bc02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog 4.0.10.1 (2014-07-17) - bug #4488 [security] XSS injection due to unescaped table name (triggers) +- bug #4492 [security] XSS in AJAX confirmation messages 4.0.10.0 (2013-12-04) - bug #4150 Clicking database name in query window opens a new tab diff --git a/js/functions.js b/js/functions.js index 11e6ae6b8e6d..96171ec3aa10 100644 --- a/js/functions.js +++ b/js/functions.js @@ -3368,7 +3368,7 @@ AJAX.registerOnload('functions.js', function() { var question = PMA_messages.strDropTableStrongWarning + ' '; question += $.sprintf( PMA_messages.strDoYouReally, - 'DROP TABLE ' + PMA_commonParams.get('table') + 'DROP TABLE ' + escapeHtml(PMA_commonParams.get('table')) ); $(this).PMA_confirm(question, $(this).attr('href'), function(url) { @@ -3401,7 +3401,7 @@ AJAX.registerOnload('functions.js', function() { var question = PMA_messages.strTruncateTableStrongWarning + ' '; question += $.sprintf( PMA_messages.strDoYouReally, - 'TRUNCATE ' + PMA_commonParams.get('table') + 'TRUNCATE ' + escapeHtml(PMA_commonParams.get('table')) ); $(this).PMA_confirm(question, $(this).attr('href'), function(url) { PMA_ajaxShowMessage(PMA_messages['strProcessingRequest']); diff --git a/js/tbl_structure.js b/js/tbl_structure.js index 7a6620f7fcc9..69564a1b1efc 100644 --- a/js/tbl_structure.js +++ b/js/tbl_structure.js @@ -144,6 +144,7 @@ AJAX.registerOnload('tbl_structure.js', function() { * @var curr_column_name String containing name of the field referred to by {@link curr_row} */ var curr_column_name = $curr_row.children('th').children('label').text(); + curr_column_name = escapeHtml(curr_column_name); /** * @var $after_field_item Corresponding entry in the 'After' field. */ From f86761326c97eb5e2c9cefa2b1871252357f00a0 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Thu, 17 Jul 2014 17:35:22 -0400 Subject: [PATCH 04/29] 4.0.10.1 release Signed-off-by: Marc Delisle --- README | 4 ++-- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README b/README index daaf74746b23..f73687e1a5b9 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10 +Version 4.0.10.1 A set of PHP-scripts to manage MySQL over the web. @@ -13,7 +13,7 @@ Copyright Copyright (C) 1998-2000 Tobias Ratschiller -Copyright (C) 2001-2013 +Copyright (C) 2001-2014 Marc Delisle Olivier Müller Robin Johnson diff --git a/doc/conf.py b/doc/conf.py index 3eaf6f7f6776..05ded248a63d 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10' +version = '4.0.10.1' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 1332311802a9..8fc3a6f7d3da 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10'); + $this->set('PMA_VERSION', '4.0.10.1'); /** * @deprecated */ From 285ed5b8d3bc9279fe6ed01da8151ed66be9b137 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Wed, 6 Aug 2014 07:16:17 +0530 Subject: [PATCH 05/29] bug #4501 [security] XSS in table browse page --- ChangeLog | 3 +++ js/sql.js | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index aea3acd1bc02..0eb42f0cfeba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.1 (Not yet released) +- bug #4501 [security] XSS in table browse page + 4.0.10.1 (2014-07-17) - bug #4488 [security] XSS injection due to unescaped table name (triggers) - bug #4492 [security] XSS in AJAX confirmation messages diff --git a/js/sql.js b/js/sql.js index bb07da27576d..aa2bf196d188 100644 --- a/js/sql.js +++ b/js/sql.js @@ -103,7 +103,7 @@ AJAX.registerOnload('sql.js', function() { // Delete row from SQL results $('a.delete_row.ajax').click(function (e) { e.preventDefault(); - var question = $.sprintf(PMA_messages['strDoYouReally'], $(this).closest('td').find('div').text()); + var question = $.sprintf(PMA_messages['strDoYouReally'], escapeHtml($(this).closest('td').find('div').text())); var $link = $(this); $link.PMA_confirm(question, $link.attr('href'), function (url) { $msgbox = PMA_ajaxShowMessage(); From 0433d463b6c05ea7b1080995414268fe0a449b00 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Wed, 6 Aug 2014 07:20:52 +0530 Subject: [PATCH 06/29] bug #4502 [security] Self-XSS in enum value editor Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + js/functions.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0eb42f0cfeba..704414f1cacb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog 4.0.10.1 (Not yet released) - bug #4501 [security] XSS in table browse page +- bug #4502 [security] Self-XSS in enum value editor 4.0.10.1 (2014-07-17) - bug #4488 [security] XSS injection due to unescaped table name (triggers) diff --git a/js/functions.js b/js/functions.js index 96171ec3aa10..5fc69b5bef41 100644 --- a/js/functions.js +++ b/js/functions.js @@ -2550,7 +2550,7 @@ AJAX.registerOnload('functions.js', function() { } else { var title = PMA_messages['enum_columnVals'].replace( /%s/, - '"' + decodeURIComponent(colname) + '"' + '"' + escapeHtml(decodeURIComponent(colname)) + '"' ); } // Get the values as a string From 3668255202062dd7d60bff70236302084e73fc11 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Wed, 6 Aug 2014 07:28:14 +0530 Subject: [PATCH 07/29] bug #4503 [security] Self-XSSes in monitor Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + js/server_status_monitor.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 704414f1cacb..a088d15dbc95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ phpMyAdmin - ChangeLog 4.0.10.1 (Not yet released) - bug #4501 [security] XSS in table browse page - bug #4502 [security] Self-XSS in enum value editor +- bug #4503 [security] Self-XSSes in monitor 4.0.10.1 (2014-07-17) - bug #4488 [security] XSS injection due to unescaped table name (triggers) diff --git a/js/server_status_monitor.js b/js/server_status_monitor.js index dc97ec0729bf..c9f86e79f75c 100644 --- a/js/server_status_monitor.js +++ b/js/server_status_monitor.js @@ -996,7 +996,7 @@ AJAX.registerOnload('server_status_monitor.js', function() { label: $('#variableInput').val().replace(/_/g, " ") }; newChart.series.push(newSeries); - $('#seriesPreview').append('- ' + newSeries.label + str + '
'); + $('#seriesPreview').append('- ' + escapeHtml(newSeries.label + str) + '
'); newChart.nodes.push(serie); $('#variableInput').val(''); $('input[name="differentialValue"]').prop('checked', true); From 03b92aa6e923f2b4a54b298cc0042548ff7ba89b Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Wed, 6 Aug 2014 19:58:02 +0530 Subject: [PATCH 08/29] bug #4504 [security] Self-XSS in query charts Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + js/tbl_chart.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a088d15dbc95..fefec5b49710 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ phpMyAdmin - ChangeLog - bug #4501 [security] XSS in table browse page - bug #4502 [security] Self-XSS in enum value editor - bug #4503 [security] Self-XSSes in monitor +- bug #4504 [security] Self-XSS in query charts 4.0.10.1 (2014-07-17) - bug #4488 [security] XSS injection due to unescaped table name (triggers) diff --git a/js/tbl_chart.js b/js/tbl_chart.js index dc292fd3f96d..e4566ed6f440 100644 --- a/js/tbl_chart.js +++ b/js/tbl_chart.js @@ -260,7 +260,7 @@ function PMA_queryChart(data, columnNames, settings) { }, axes : { xaxis : { - label : settings.xaxisLabel + label : escapeHtml(settings.xaxisLabel) }, yaxis : { label : settings.yaxisLabel From 5cd9839467588b7882a5d28452d318a6caaf6b18 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Wed, 6 Aug 2014 20:00:45 +0530 Subject: [PATCH 09/29] Fix typo Signed-off-by: Madhura Jayaratne --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fefec5b49710..44f07aa2639c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.1 (Not yet released) +4.0.10.2 (Not yet released) - bug #4501 [security] XSS in table browse page - bug #4502 [security] Self-XSS in enum value editor - bug #4503 [security] Self-XSSes in monitor From 098caf93b63d4928e4df53310222c8727d0be9fe Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Sat, 16 Aug 2014 22:00:13 +0530 Subject: [PATCH 10/29] bug #4517 [security] XSS in relation view Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + tbl_relation.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 44f07aa2639c..5fba1b3ea6f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ phpMyAdmin - ChangeLog - bug #4502 [security] Self-XSS in enum value editor - bug #4503 [security] Self-XSSes in monitor - bug #4504 [security] Self-XSS in query charts +- bug #4517 [security] XSS in relation view 4.0.10.1 (2014-07-17) - bug #4488 [security] XSS injection due to unescaped table name (triggers) diff --git a/tbl_relation.php b/tbl_relation.php index 20ee4823a2ed..4c434e917b23 100644 --- a/tbl_relation.php +++ b/tbl_relation.php @@ -498,7 +498,7 @@ $html_output .= __('Constraint name'); $html_output .= ''; + . ' value="' . htmlspecialchars($constraint_name) . '"/>'; $html_output .= '' . "\n"; $html_output .= ''; From 5e5261284190c6fe6985547fbd19d3345df14be1 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sun, 17 Aug 2014 06:59:44 -0400 Subject: [PATCH 11/29] 4.0.10.2 release Signed-off-by: Marc Delisle --- ChangeLog | 2 +- README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5fba1b3ea6f2..2d9e2873847e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.2 (Not yet released) +4.0.10.2 (2014-08-17) - bug #4501 [security] XSS in table browse page - bug #4502 [security] Self-XSS in enum value editor - bug #4503 [security] Self-XSSes in monitor diff --git a/README b/README index f73687e1a5b9..574b140f9401 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.1 +Version 4.0.10.2 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index 05ded248a63d..acfa8c5fcd23 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10.1' +version = '4.0.10.2' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 8fc3a6f7d3da..fc4c45ad16ec 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.1'); + $this->set('PMA_VERSION', '4.0.10.2'); /** * @deprecated */ From ab0dba4533f1d01dde43c1864413478c921cfe6b Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 12 Sep 2014 08:22:14 -0400 Subject: [PATCH 12/29] bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Signed-off-by: Marc Delisle --- ChangeLog | 4 ++++ js/ajax.js | 13 ++++++++++--- js/whitelist.php | 31 +++++++++++++++++++++++++++++++ libraries/Header.class.php | 14 +++++++++----- libraries/Scripts.class.php | 16 ++++++++++++---- 5 files changed, 66 insertions(+), 12 deletions(-) create mode 100644 js/whitelist.php diff --git a/ChangeLog b/ChangeLog index 2d9e2873847e..809f061ced67 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.3 (not yet released) +- bug #4530 [security] DOM based XSS that results to a CSRF that creates a + ROOT account in certain conditions + 4.0.10.2 (2014-08-17) - bug #4501 [security] XSS in table browse page - bug #4502 [security] Self-XSS in enum value editor diff --git a/js/ajax.js b/js/ajax.js index 77a2731aa5f4..1336e11fd548 100644 --- a/js/ajax.js +++ b/js/ajax.js @@ -714,9 +714,16 @@ AJAX.setUrlHash = (function (jQuery, window) { if (window.location.hash.substring(0, 8) == '#PMAURL-') { // We have a valid hash, let's redirect the user // to the page that it's pointing to - window.location = window.location.hash.substring( - window.location.hash.indexOf(':') + 1 - ); + var colon_position = window.location.hash.indexOf(':'); + var questionmark_position = window.location.hash.indexOf('?'); + if (colon_position != -1 && questionmark_position != -1 && colon_position < questionmark_position) { + var hash_url = window.location.hash.substring(colon_position + 1, questionmark_position); + if (PMA_gotoWhitelist.indexOf(hash_url) != -1) { + window.location = window.location.hash.substring( + colon_position + 1 + ); + } + } } else { // We don't have a valid hash, so we'll set it up // when the page finishes loading diff --git a/js/whitelist.php b/js/whitelist.php new file mode 100644 index 000000000000..0f64f5ce32f2 --- /dev/null +++ b/js/whitelist.php @@ -0,0 +1,31 @@ + diff --git a/libraries/Header.class.php b/libraries/Header.class.php index f8b6a1038c5c..9b537c7f1d8c 100644 --- a/libraries/Header.class.php +++ b/libraries/Header.class.php @@ -146,7 +146,16 @@ public function __construct() */ private function _addDefaultScripts() { + // Localised strings + $params = array('lang' => $GLOBALS['lang']); + if (isset($GLOBALS['db'])) { + $params['db'] = $GLOBALS['db']; + } + $this->_scripts->addFile('jquery/jquery-1.8.3.min.js'); + $this->_scripts->addFile( + 'whitelist.php' . PMA_generate_common_url($params), false, true + ); $this->_scripts->addFile('ajax.js'); $this->_scripts->addFile('keyhandler.js'); $this->_scripts->addFile('jquery/jquery-ui-1.9.2.custom.min.js'); @@ -169,11 +178,6 @@ private function _addDefaultScripts() // Here would not be a good place to add CodeMirror because // the user preferences have not been merged at this point - // Localised strings - $params = array('lang' => $GLOBALS['lang']); - if (isset($GLOBALS['db'])) { - $params['db'] = $GLOBALS['db']; - } $this->_scripts->addFile('messages.php' . PMA_generate_common_url($params)); // Append the theme id to this url to invalidate // the cache on a theme change. Though this might be diff --git a/libraries/Scripts.class.php b/libraries/Scripts.class.php index a3057d7e0b24..a0aa73d00800 100644 --- a/libraries/Scripts.class.php +++ b/libraries/Scripts.class.php @@ -50,6 +50,7 @@ class PMA_Scripts */ private function _includeFiles($files) { + $first_dynamic_scripts = ""; $dynamic_scripts = ""; $params = array(); foreach ($files as $value) { @@ -68,14 +69,18 @@ private function _includeFiles($files) $params[] = "scripts[]=" . $value['filename']; } } else { - $dynamic_scripts .= ""; + if ($value['before_statics'] === true) { + $first_dynamic_scripts .= ""; + } else { + $dynamic_scripts .= ""; + } } } $static_scripts = sprintf( "", implode("&", $params) ); - return $static_scripts . $dynamic_scripts; + return $first_dynamic_scripts . $static_scripts . $dynamic_scripts; } /** @@ -97,10 +102,12 @@ public function __construct() * @param string $filename The name of the file to include * @param bool $conditional_ie Whether to wrap the script tag in * conditional comments for IE + * @param bool $before_statics Whether this dynamic script should be + * include before the static ones * * @return void */ - public function addFile($filename, $conditional_ie = false) + public function addFile($filename, $conditional_ie = false, $before_statics = false) { $hash = md5($filename); if (empty($this->_files[$hash])) { @@ -108,7 +115,8 @@ public function addFile($filename, $conditional_ie = false) $this->_files[$hash] = array( 'has_onload' => $has_onload, 'filename' => $filename, - 'conditional_ie' => $conditional_ie + 'conditional_ie' => $conditional_ie, + 'before_statics' => $before_statics ); } } From ceb7d7e1b2f8ab1e61710d0d061f10193a6c44c5 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 13 Sep 2014 11:12:44 -0400 Subject: [PATCH 13/29] 4.0.10.3 release Signed-off-by: Marc Delisle --- ChangeLog | 2 +- README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 809f061ced67..0475de69085f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.3 (not yet released) +4.0.10.3 (2014-09-13) - bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions diff --git a/README b/README index 574b140f9401..16441d6cf775 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.2 +Version 4.0.10.3 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index acfa8c5fcd23..97406c6eb109 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10.2' +version = '4.0.10.3' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index fc4c45ad16ec..f8d48f358e0b 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.2'); + $this->set('PMA_VERSION', '4.0.10.3'); /** * @deprecated */ From c6c77589a5860f20b5fb335033389de50e1a9031 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sun, 28 Sep 2014 09:48:13 -0400 Subject: [PATCH 14/29] [security] XSS with malicious ENUM values Signed-off-by: Marc Delisle --- libraries/TableSearch.class.php | 11 ++++++++--- libraries/Util.class.php | 7 +++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/libraries/TableSearch.class.php b/libraries/TableSearch.class.php index 65f45ada6635..af6c6f5fa0f7 100644 --- a/libraries/TableSearch.class.php +++ b/libraries/TableSearch.class.php @@ -307,6 +307,7 @@ private function _getForeignKeyInputBox($foreignData, $column_name, private function _getEnumSetInputBox($column_index, $criteriaValues, $column_type, $column_id, $in_zoom_search_edit = false ) { + $column_type = htmlspecialchars($column_type); $html_output = ''; $value = explode( ', ', @@ -932,7 +933,9 @@ private function _getRowsNormal() $html_output .= '' . htmlspecialchars($this->_columnNames[$column_index]) . ''; $properties = $this->getColumnProperties($column_index, $column_index); - $html_output .= '' . $properties['type'] . ''; + $html_output .= '' + . htmlspecialchars($properties['type']) + . ''; $html_output .= '' . $properties['collation'] . ''; $html_output .= '' . $properties['func'] . ''; $html_output .= '' . $properties['value'] . ''; @@ -941,11 +944,13 @@ private function _getRowsNormal() $html_output .= ''; $html_output .= '_columnNames[$column_index]) . '" />'; $html_output .= ''; + . ' value="' + . htmlspecialchars($this->_columnTypes[$column_index]) . '" />'; $html_output .= ''; diff --git a/libraries/Util.class.php b/libraries/Util.class.php index 36ce7a1d5c87..ecaec3e319cf 100644 --- a/libraries/Util.class.php +++ b/libraries/Util.class.php @@ -3150,8 +3150,11 @@ public static function extractColumnSpec($columnspec) // for the case ENUM('–','“') $displayed_type = htmlspecialchars($printtype); if (strlen($printtype) > $GLOBALS['cfg']['LimitChars']) { - $displayed_type = ''; - $displayed_type .= substr($printtype, 0, $GLOBALS['cfg']['LimitChars']); + $displayed_type = ''; + $displayed_type .= htmlspecialchars( + substr($printtype, 0, $GLOBALS['cfg']['LimitChars']) + ); $displayed_type .= ''; } From 5118938f103e0022329847b654fcd99c8cb37de7 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Wed, 1 Oct 2014 07:20:09 -0400 Subject: [PATCH 15/29] 4.0.10.4 release Signed-off-by: Marc Delisle --- ChangeLog | 3 +++ README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0475de69085f..b3d31b6a272b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.4 (2014-10-01) +- bug #4544 [security] XSS vulnerabilities in table search and table structure pages + 4.0.10.3 (2014-09-13) - bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions diff --git a/README b/README index 16441d6cf775..fdd5919fe9f4 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.3 +Version 4.0.10.4 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index 97406c6eb109..41172fa6b749 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10.3' +version = '4.0.10.4' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index f8d48f358e0b..15687a67f613 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.3'); + $this->set('PMA_VERSION', '4.0.10.4'); /** * @deprecated */ From 57594febab385cd8fa3bc2c4511caa014d09485a Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Fri, 17 Oct 2014 18:07:08 +0530 Subject: [PATCH 16/29] bug #4562 [security] XSS in debug SQL output Signed-off-by: Madhura Jayaratne --- ChangeLog | 3 +++ libraries/database_interface.lib.php | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b3d31b6a272b..86be14dd45c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.5 (not yet released) +- bug #4562 [security] XSS in debug SQL output + 4.0.10.4 (2014-10-01) - bug #4544 [security] XSS vulnerabilities in table search and table structure pages diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php index 7e17fcd5465b..2e5dfe2da169 100644 --- a/libraries/database_interface.lib.php +++ b/libraries/database_interface.lib.php @@ -139,11 +139,11 @@ function PMA_DBI_DBG_query($query, $link, $result, $time) } else { $_SESSION['debug']['queries'][$hash] = array(); if ($result == false) { - $_SESSION['debug']['queries'][$hash]['error'] - = '' . mysqli_error($link) . ''; + $_SESSION['debug']['queries'][$hash]['error'] = '' + . htmlspecialchars(mysqli_error($link)) . ''; } $_SESSION['debug']['queries'][$hash]['count'] = 1; - $_SESSION['debug']['queries'][$hash]['query'] = $query; + $_SESSION['debug']['queries'][$hash]['query'] = htmlspecialchars($query); $_SESSION['debug']['queries'][$hash]['time'] = $time; } From a150ea1df477fcc9a79bbdf3f26b40d9e333bcf1 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Sat, 18 Oct 2014 06:52:40 +0530 Subject: [PATCH 17/29] bug #4563 [security] XSS in monitor query analyzer Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + js/server_status_monitor.js | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 86be14dd45c0..13e5fe471e95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog 4.0.10.5 (not yet released) - bug #4562 [security] XSS in debug SQL output +- bug #4563 [security] XSS in monitor query analyzer 4.0.10.4 (2014-10-01) - bug #4544 [security] XSS vulnerabilities in table search and table structure pages diff --git a/js/server_status_monitor.js b/js/server_status_monitor.js index c9f86e79f75c..7fd177848c4d 100644 --- a/js/server_status_monitor.js +++ b/js/server_status_monitor.js @@ -1991,7 +1991,7 @@ AJAX.registerOnload('server_status_monitor.js', function() { case 'user_host': return value.replace(/(\[.*?\])+/g, ''); } - return value; + return escapeHtml(value); }; for (var i = 0, l = rows.length; i < l; i++) { @@ -2144,7 +2144,7 @@ AJAX.registerOnload('server_status_monitor.js', function() { for (var i = 0, l = data.explain.length; i < l; i++) { explain += '
0? 'style="display:none;"' : '' ) + '>'; $.each(data.explain[i], function(key, value) { - value = (value == null)?'null':value; + value = (value == null)?'null': escapeHtml(value); if (key == 'type' && value.toLowerCase() == 'all') { value = '' + value + ''; From d0f7dc79905f4795d328a018772871f9f98957fc Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 21 Oct 2014 10:07:51 -0400 Subject: [PATCH 18/29] 4.0.10.5 release Signed-off-by: Marc Delisle --- ChangeLog | 2 +- README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13e5fe471e95..a7900d358f33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.5 (not yet released) +4.0.10.5 (2014-10-21) - bug #4562 [security] XSS in debug SQL output - bug #4563 [security] XSS in monitor query analyzer diff --git a/README b/README index fdd5919fe9f4..20a291d00fbf 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.4 +Version 4.0.10.5 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index 41172fa6b749..1710d9b423db 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10.4' +version = '4.0.10.5' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 15687a67f613..9a7e496a071e 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.4'); + $this->set('PMA_VERSION', '4.0.10.5'); /** * @deprecated */ From 42b64e12b5f596366f94ef72365fd69a019ba820 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Tue, 4 Nov 2014 16:05:06 +0530 Subject: [PATCH 19/29] bug #4578 XSS vulnerability in table print view Signed-off-by: Madhura Jayaratne --- ChangeLog | 3 +++ tbl_printview.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a7900d358f33..4cb74b03ac71 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.6 (not yet released) +- bug #4578 [security] XSS vulnerability in table print view + 4.0.10.5 (2014-10-21) - bug #4562 [security] XSS in debug SQL output - bug #4563 [security] XSS in monitor query analyzer diff --git a/tbl_printview.php b/tbl_printview.php index 78bb96101578..248010f8e96f 100644 --- a/tbl_printview.php +++ b/tbl_printview.php @@ -180,7 +180,7 @@ echo ' ' . $field_name . "\n"; } echo ''; - echo '' . $type. ''; + echo '' . htmlspecialchars($type) . ''; echo ''; echo (($row['Null'] == '' || $row['Null'] == 'NO') ? __('No') From 58cdd91fc83703a1ab645764fb3708e8e0b7c4a2 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Tue, 4 Nov 2014 16:20:15 +0530 Subject: [PATCH 20/29] bug #4579 [security] XSS vulnerability in zoom search page Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + tbl_zoom_select.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4cb74b03ac71..72ac854b6f61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog 4.0.10.6 (not yet released) - bug #4578 [security] XSS vulnerability in table print view +- bug #4579 [security] XSS vulnerability in zoom search page 4.0.10.5 (2014-10-21) - bug #4562 [security] XSS in debug SQL output diff --git a/tbl_zoom_select.php b/tbl_zoom_select.php index 2c6a12344b9d..151ca6555d06 100644 --- a/tbl_zoom_select.php +++ b/tbl_zoom_select.php @@ -95,7 +95,7 @@ } $key = array_search($field, $table_search->getColumnNames()); $properties = $table_search->getColumnProperties($_REQUEST['it'], $key); - $response->addJSON('field_type', $properties['type']); + $response->addJSON('field_type', htmlspecialchars($properties['type'])); $response->addJSON('field_collation', $properties['collation']); $response->addJSON('field_operators', $properties['func']); $response->addJSON('field_value', $properties['value']); From 2e3f0b9457b3c8f78beb864120bd9d55617a11b5 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Mon, 17 Nov 2014 11:03:55 +0530 Subject: [PATCH 21/29] bug #4594 [security] Path traversal in file inclusion of GIS factory Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + libraries/gis/pma_gis_factory.php | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 72ac854b6f61..8bab614e0b49 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ phpMyAdmin - ChangeLog 4.0.10.6 (not yet released) - bug #4578 [security] XSS vulnerability in table print view - bug #4579 [security] XSS vulnerability in zoom search page +- bug #4594 [security] Path traversal in file inclusion of GIS factory 4.0.10.5 (2014-10-21) - bug #4562 [security] XSS in debug SQL output diff --git a/libraries/gis/pma_gis_factory.php b/libraries/gis/pma_gis_factory.php index 1184ae3460ed..89e9730846d3 100644 --- a/libraries/gis/pma_gis_factory.php +++ b/libraries/gis/pma_gis_factory.php @@ -31,7 +31,9 @@ public static function factory($type) include_once './libraries/gis/pma_gis_geometry.php'; $type_lower = strtolower($type); - if (! file_exists('./libraries/gis/pma_gis_' . $type_lower . '.php')) { + if (! PMA_isValid($type_lower, PMA_Util::getGISDatatypes()) + || ! file_exists('./libraries/gis/pma_gis_' . $type_lower . '.php') + ) { return false; } if (include_once './libraries/gis/pma_gis_' . $type_lower . '.php') { From c5783321cd387d0b65b32cf399766f08a9acad68 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Mon, 17 Nov 2014 12:13:09 +0530 Subject: [PATCH 22/29] bug #4598 [security] XSS in multi submit Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + libraries/mult_submits.inc.php | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8bab614e0b49..a8d1562b31f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ phpMyAdmin - ChangeLog - bug #4578 [security] XSS vulnerability in table print view - bug #4579 [security] XSS vulnerability in zoom search page - bug #4594 [security] Path traversal in file inclusion of GIS factory +- bug #4598 [security] XSS in multi submit 4.0.10.5 (2014-10-21) - bug #4562 [security] XSS in debug SQL output diff --git a/libraries/mult_submits.inc.php b/libraries/mult_submits.inc.php index aa712672232b..147f55f0ccfa 100644 --- a/libraries/mult_submits.inc.php +++ b/libraries/mult_submits.inc.php @@ -170,12 +170,14 @@ foreach ($selected AS $idx => $sval) { switch ($what) { case 'row_delete': - $full_query .= 'DELETE FROM ' . PMA_Util::backquote($db) . '.' . PMA_Util::backquote($table) + $full_query .= 'DELETE FROM ' + . PMA_Util::backquote(htmlspecialchars($db)) + . '.' . PMA_Util::backquote(htmlspecialchars($table)) // Do not append a "LIMIT 1" clause here // (it's not binlog friendly). // We don't need the clause because the calling panel permits // this feature only when there is a unique index. - . ' WHERE ' . urldecode($sval) + . ' WHERE ' . htmlspecialchars(urldecode($sval)) . ';
'; break; case 'drop_db': From c7685e5acd3f8e722f4f374c6fa821590865b68d Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Tue, 18 Nov 2014 10:15:34 +0530 Subject: [PATCH 23/29] bug #4597 [security] XSS through pma_fontsize cookie Signed-off-by: Madhura Jayaratne --- ChangeLog | 1 + libraries/Config.class.php | 2 +- libraries/Theme.class.php | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a8d1562b31f0..4440e6339f0d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ phpMyAdmin - ChangeLog - bug #4579 [security] XSS vulnerability in zoom search page - bug #4594 [security] Path traversal in file inclusion of GIS factory - bug #4598 [security] XSS in multi submit +- bug #4597 [security] XSS through pma_fontsize cookie 4.0.10.5 (2014-10-21) - bug #4562 [security] XSS in debug SQL output diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 9a7e496a071e..a78bd77917b3 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -1717,7 +1717,7 @@ static protected function getFontsizeSelection() // for the case when there is no config file (this is supported) if (empty($current_size)) { if (isset($_COOKIE['pma_fontsize'])) { - $current_size = $_COOKIE['pma_fontsize']; + $current_size = htmlspecialchars($_COOKIE['pma_fontsize']); } else { $current_size = '82%'; } diff --git a/libraries/Theme.class.php b/libraries/Theme.class.php index bf1ee8f6f8e4..cd0b2c2722af 100644 --- a/libraries/Theme.class.php +++ b/libraries/Theme.class.php @@ -491,7 +491,7 @@ function getFontSize() return $fs; } if (isset($_COOKIE['pma_fontsize'])) { - return $_COOKIE['pma_fontsize']; + return htmlspecialchars($_COOKIE['pma_fontsize']); } return '82%'; } From 13a288d0da6e79b99acb9052bcf31b6650c624b5 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Thu, 20 Nov 2014 10:09:42 -0500 Subject: [PATCH 24/29] 4.0.10.6 release Signed-off-by: Marc Delisle --- ChangeLog | 2 +- README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4440e6339f0d..c0e57bef9fc9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.6 (not yet released) +4.0.10.6 (2014-11-20) - bug #4578 [security] XSS vulnerability in table print view - bug #4579 [security] XSS vulnerability in zoom search page - bug #4594 [security] Path traversal in file inclusion of GIS factory diff --git a/README b/README index 20a291d00fbf..e39ef44eda3c 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.5 +Version 4.0.10.6 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index 1710d9b423db..d3ac475608d5 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10.5' +version = '4.0.10.6' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index a78bd77917b3..290c69ba2f14 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.5'); + $this->set('PMA_VERSION', '4.0.10.6'); /** * @deprecated */ From 095729d81205f15f40d216d25917017da4c2fff8 Mon Sep 17 00:00:00 2001 From: Madhura Jayaratne Date: Mon, 1 Dec 2014 20:49:45 +0530 Subject: [PATCH 25/29] bug #4611 [security] DOS attack with long passwords Signed-off-by: Madhura Jayaratne --- ChangeLog | 3 +++ libraries/common.inc.php | 5 +++++ libraries/plugins/AuthenticationPlugin.class.php | 9 +++++++++ libraries/plugins/auth/AuthenticationCookie.class.php | 10 ++++++++++ 4 files changed, 27 insertions(+) diff --git a/ChangeLog b/ChangeLog index c0e57bef9fc9..0a9f46ccc8ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ phpMyAdmin - ChangeLog ====================== +4.0.10.7 (not yet released) +- bug #4611 [security] DOS attack with long passwords + 4.0.10.6 (2014-11-20) - bug #4578 [security] XSS vulnerability in table print view - bug #4579 [security] XSS vulnerability in zoom search page diff --git a/libraries/common.inc.php b/libraries/common.inc.php index 46d8eb107acd..e1042c4aa02c 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -866,6 +866,9 @@ . ' ' . $cfg['Server']['auth_type'] ); } + if (isset($_REQUEST['pma_password'])) { + $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256); + } include_once './libraries/plugins/auth/' . $auth_class . '.class.php'; // todo: add plugin manager $plugin_manager = null; @@ -974,6 +977,8 @@ $controllink = $userlink; } + $auth_plugin->storeUserCredentials(); + /* Log success */ PMA_log_user($cfg['Server']['user']); diff --git a/libraries/plugins/AuthenticationPlugin.class.php b/libraries/plugins/AuthenticationPlugin.class.php index 3ddf55ee2060..7943d2cb1564 100644 --- a/libraries/plugins/AuthenticationPlugin.class.php +++ b/libraries/plugins/AuthenticationPlugin.class.php @@ -41,6 +41,15 @@ abstract public function authCheck(); */ abstract public function authSetUser(); + /** + * Stores user credentials after successful login. + * + * @return void + */ + public function storeUserCredentials() + { + } + /** * User is not allowed to login to MySQL -> authentication failed * diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php index 72274d9e312d..329a030cb684 100644 --- a/libraries/plugins/auth/AuthenticationCookie.class.php +++ b/libraries/plugins/auth/AuthenticationCookie.class.php @@ -475,6 +475,16 @@ public function authSetUser() unset($_SERVER['PHP_AUTH_PW']); $_SESSION['last_access_time'] = time(); + } + + /** + * Stores user credentials after successful login. + * + * @return void + */ + public function storeUserCredentials() + { + global $cfg; // Name and password cookies need to be refreshed each time // Duration = one month for username From 00828f9ccb1024fbcd528f41dfdf28fab918dfff Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Wed, 3 Dec 2014 07:55:56 -0500 Subject: [PATCH 26/29] 4.0.10.7 release Signed-off-by: Marc Delisle --- ChangeLog | 2 +- README | 2 +- doc/conf.py | 2 +- libraries/Config.class.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a9f46ccc8ee..c0d3a959fb23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.7 (not yet released) +4.0.10.7 (2014-12-03) - bug #4611 [security] DOS attack with long passwords 4.0.10.6 (2014-11-20) diff --git a/README b/README index e39ef44eda3c..12aa8cd64084 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.6 +Version 4.0.10.7 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index d3ac475608d5..849a0a475036 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ # built documents. # # The short X.Y version. -version = '4.0.10.6' +version = '4.0.10.7' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 290c69ba2f14..ae628b4cbdc8 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ function __construct($source = null) */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.6'); + $this->set('PMA_VERSION', '4.0.10.7'); /** * @deprecated */ From 9daeaff5f0cd6c9b265cca7503c2278339f3a8a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Thu, 4 Dec 2014 13:09:26 +0100 Subject: [PATCH 27/29] Use composer to install correct phpunit version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Čihař --- .travis.yml | 9 +++++++-- composer.json | 5 +++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index b0824bd74dba..3a5a1844f784 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,5 +2,10 @@ language: php php: - "5.4" - "5.3" -before_script: ./scripts/generate-mo --quiet -script: phpunit --configuration phpunit.xml.nocoverage +sudo: false +before_script: + - export PATH=~/.composer/vendor/bin/:$PATH + - composer install --dev --no-interaction ; + - ./scripts/generate-mo --quiet +script: + - ./vendor/bin/phpunit --configuration phpunit.xml.nocoverage diff --git a/composer.json b/composer.json index ba03706ef445..acf83664a566 100644 --- a/composer.json +++ b/composer.json @@ -20,5 +20,10 @@ }, "require": { "php": ">=5.2.0" + }, + "require-dev": { + "satooshi/php-coveralls": ">=0.6", + "phpunit/phpunit": "<4.2", + "phpunit/phpunit-selenium": ">=1.2" } } From 853f7255c5f3db217685921583fe8e3aa1be36a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Thu, 4 Dec 2014 13:12:21 +0100 Subject: [PATCH 28/29] Create database for test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Čihař --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 3a5a1844f784..def57d675a6c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ php: sudo: false before_script: - export PATH=~/.composer/vendor/bin/:$PATH + - mysql -uroot -e "CREATE DATABASE test;" - composer install --dev --no-interaction ; - ./scripts/generate-mo --quiet script: From 26ce63dbde1064be68d9956a10204345c446f1b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Thu, 4 Dec 2014 13:14:56 +0100 Subject: [PATCH 29/29] Cache composer cache MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Čihař --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index def57d675a6c..2282b7e53c73 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,3 +10,6 @@ before_script: - ./scripts/generate-mo --quiet script: - ./vendor/bin/phpunit --configuration phpunit.xml.nocoverage +cache: + directories: + - $HOME/.composer/cache/