Permalink
Browse files

[security] Code execution vulnerability

  • Loading branch information...
lem9 committed Sep 15, 2008
1 parent 4680cab commit f8d65ec564ada5c839be8f3f07f483cd82ce6a11
Showing with 35 additions and 19 deletions.
  1. +4 −1 ChangeLog
  2. +31 −18 libraries/database_interface.lib.php
View
@@ -8,9 +8,12 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
2.11.10.0 (not yet released)
- [core] safer handling of temporary files with open_basedir (thanks to Thijs
Kinkhorst)
- [core] do not automatically set and create TempDir, it might lead to secrity
- [core] do not automatically set and create TempDir, it might lead to security
issue (thanks to Thijs Kinkhorst)
2.11.9.1 (2008-09-15)
- [security] Code execution vulnerability, thanks to Norman Hippert
2.11.9.0 (2008-08-28)
- bug #2031221 [auth] Links to version number on login screen
- bug #2032707 [core] PMA does not start if ini_set() is disabled
@@ -187,6 +187,32 @@ function PMA_DBI_get_tables($database, $link = null)
null, 0, $link, PMA_DBI_QUERY_STORE);
}
/**
* usort comparison callback
*
* @param string $a first argument to sort
* @param string $b second argument to sort
*
* @return integer a value representing whether $a should be before $b in the
* sorted array or not
*
* @global string the column the array shall be sorted by
* @global string the sorting order ('ASC' or 'DESC')
*
* @access private
*/
function PMA_usort_comparison_callback($a, $b)
{
if ($GLOBALS['cfg']['NaturalOrder']) {
$sorter = 'strnatcasecmp';
} else {
$sorter = 'strcasecmp';
}
// produces f.e.:
// return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
return ($GLOBALS['callback_sort_order'] == 'ASC' ? 1 : -1) * $sorter($a[$GLOBALS['callback_sort_by']], $b[$GLOBALS['callback_sort_by']]);
} // end of the 'PMA_usort_comparison_callback()' function
/**
* returns array of all tables in given db or dbs
* this function expects unquoted names:
@@ -399,7 +425,7 @@ function PMA_DBI_get_tables_full($database, $table = false,
* @param string $databases database
* @param boolean $force_stats retrieve stats also for MySQL < 5
* @param resource $link mysql link
* @param string $sort_by collumn to order by
* @param string $sort_by column to order by
* @param string $sort_order ASC or DESC
* @param integer $limit_offset starting offset for LIMIT
* @param bool|int $limit_count row count for LIMIT or true for $GLOBALS['cfg']['MaxDbList']
@@ -543,23 +569,10 @@ function PMA_DBI_get_databases_full($database = null, $force_stats = false,
* (caused by older MySQL < 5 or $GLOBALS['cfg']['NaturalOrder'])
*/
if ($apply_limit_and_order_manual) {
/**
* first apply ordering
*/
if ($GLOBALS['cfg']['NaturalOrder']) {
$sorter = 'strnatcasecmp';
} else {
$sorter = 'strcasecmp';
}
// produces f.e.:
// return -1 * strnatcasecmp($a["SCHEMA_TABLES"], $b["SCHEMA_TABLES"])
$sort_function = '
return ' . ($sort_order == 'ASC' ? 1 : -1) . ' * ' . $sorter . '($a["' . $sort_by . '"], $b["' . $sort_by . '"]);
';
usort($databases, create_function('$a, $b', $sort_function));
$GLOBALS['callback_sort_order'] = $sort_order;
$GLOBALS['callback_sort_by'] = $sort_by;
usort($databases, 'PMA_usort_comparison_callback');
unset($GLOBALS['callback_sort_order'], $GLOBALS['callback_sort_by']);
/**
* now apply limit

0 comments on commit f8d65ec

Please sign in to comment.