Package: phpmyadmin
Version: 4:2.8.1-1
Severity: normal
Tags: patch

Hi,

Attached is the diff for my phpmyadmin 4:2.8.2-0.1 NMU.

diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/ChangeLog 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/ChangeLog
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/ChangeLog  2006-05-20 19:16:21.000000000 
+0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/ChangeLog  2006-06-30 15:54:23.000000000 
+0200
@@ -2,12 +2,36 @@
 phpMyAdmin - Changelog
 ----------------------
 
-$Id: ChangeLog,v 2.1929.2.130.2.4 2006/05/20 17:16:21 lem9 Exp $
+$Id: ChangeLog,v 2.1929.2.142 2006/06/30 13:54:23 lem9 Exp $
 $Source: /cvsroot/phpmyadmin/phpMyAdmin/ChangeLog,v $
 
+2006-06-30 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/common.lib.php: escape also single quotes 
+    ### 2.8.2 released from QA_2_8 
+
+2006-06-28 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/common.lib.php: escape allowed parameters from non-token 
+      requests
+
+2006-06-15 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/display_export.lib.php: reenable XML option in export
+
+2006-06-02 Marc Delisle  <[EMAIL PROTECTED]>
+    * Documentation.html: requirements: web browser with cookies enabled
+
+2006-05-29 Marc Delisle  <[EMAIL PROTECTED]>
+    * main.php: bug #1496881, CVS link broken in main.php
+
 2006-05-20 Marc Delisle  <[EMAIL PROTECTED]>
     ### 2.8.1 released from MAINT_2_8_1
 
+2006-05-17 Marc Delisle  <[EMAIL PROTECTED]>
+    * server_privileges.php: bug #1478812, Add user (password containing 
+      a backslash; also minor optimization
+
+2006-05-15 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/common.lib.php, bug #1475949, removing the default value
+
 2006-05-15 Michal Čihař  <[EMAIL PROTECTED]>
     * scripts/setup.php: Compatibility with security tokens (bug #1488453).
     * scripts/setup.php: Fix detection of writable config (bug #1488447).
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/debian/changelog 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/debian/changelog
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/debian/changelog   2006-07-18 
12:56:54.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/debian/changelog   2006-07-18 
12:56:54.000000000 +0200
@@ -1,3 +1,11 @@
+phpmyadmin (4:2.8.2-0.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * New upstream release.
+    * Fixes cross-site-scripting issues. [CVE-2006-3388] (Closes: #377748)
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]>  Tue, 18 Jul 2006 12:52:19 +0200
+
 phpmyadmin (4:2.8.1-1) unstable; urgency=medium
 
   * New upstream release. Closes: #373204.
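Review bot: the entry names CVE-2006-3388 but not the upstream change that addresses it; since this NMU imports a whole upstream release, pointing at the `libraries/common.lib.php` escaping of allowed request parameters (the 2006-06-28 and 2006-06-30 entries in the upstream ChangeLog hunk of this patch) would let the security team confirm the fix is in the package without re-reading the full diff.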
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.html 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.html
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.html 2006-05-20 
19:16:47.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.html 2006-06-30 
15:46:50.000000000 +0200
@@ -1,6 +1,6 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
 <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en-US" lang="en-US">
-<!-- $Id: Documentation.html,v 2.205.2.17.2.1 2006/05/20 17:16:47 lem9 Exp $ 
-->
+<!-- $Id: Documentation.html,v 2.205.2.21 2006/06/30 13:46:50 lem9 Exp $ -->
 <!--
     vim: expandtab ts=4 sw=4 sts=4 tw=78
 -->
@@ -9,7 +9,7 @@
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-    <title>phpMyAdmin 2.8.1 - Documentation</title>
+    <title>phpMyAdmin 2.8.2 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -33,7 +33,7 @@
 <hr noshade="noshade" width="100%" />
 </div>
 
-<h1>phpMyAdmin 2.8.1 Documentation</h1>
+<h1>phpMyAdmin 2.8.2 Documentation</h1>
 
 
 <!-- TOP MENU -->
@@ -53,7 +53,7 @@
     </li>
     <li>
         Documentation version:
-        <i>$Id: Documentation.html,v 2.205.2.17.2.1 2006/05/20 17:16:47 lem9 
Exp $</i>
+        <i>$Id: Documentation.html,v 2.205.2.21 2006/06/30 13:46:50 lem9 Exp 
$</i>
     </li>
 </ul>
 
@@ -85,7 +85,7 @@
         phase but every other action that you do in phpMyAdmin.
     </li>
     <li>
-        a web-browser (doh!).
+    <b>Web browser</b> with cookies enabled.
     </li>
 </ul>
 
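Review bot: the replacement line `<b>Web browser</b> with cookies enabled.` is indented four spaces while the sibling `<li>` contents in this hunk use eight (see the context line `phase but every other action that you do in phpMyAdmin.`); match the surrounding indentation so the list stays consistently formatted.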
@@ -4116,9 +4116,9 @@
 <ol>
     <li>
         fetch the current CVS tree over anonymous CVS:<br />
-        <tt>cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin login</tt><br 
/>
+        <tt>cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin login</tt><br 
/>
         [Password: simply press the Enter key]<br />
-        <tt>cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin checkout 
phpMyAdmin</tt><br />
+        <tt>cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin checkout 
phpMyAdmin</tt><br />
         [This will create a new sub-directory named phpMyAdmin]
     </li>
     <li>
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.txt 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.txt
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.txt  2006-05-20 
19:33:32.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.txt  2006-06-30 
15:55:32.000000000 +0200
@@ -5,15 +5,15 @@
 Transformations  -  FAQ  -  Developers  -  Credits  -  Translators
 -------------------------------------------------------------------------------
 
-phpMyAdmin 2.8.1 Documentation
+phpMyAdmin 2.8.2 Documentation
 
   * SourceForge phpMyAdmin project page   [ http://www.phpmyadmin.net/ ]
   * Local documents:
       + Version history: ChangeLog
       + General notes: README
       + License: LICENSE
-  * Documentation version: $Id: Documentation.html,v 2.205.2.17.2.1 2006/05/20
-    17:16:47 lem9 Exp $
+  * Documentation version: $Id: Documentation.html,v 2.205.2.21 2006/06/30
+    13:46:50 lem9 Exp $
 
 
 Requirements
@@ -29,7 +29,7 @@
     "cookie" authentication method, having the mcrypt PHP extension on your web
     server accelerates not only the login phase but every other action that you
     do in phpMyAdmin.
-  * a web-browser (doh!).
+  * Web browser with cookies enabled.
 
 
 Introduction
@@ -2702,10 +2702,10 @@
 The following method is preferred for new developers:
 
  1. fetch the current CVS tree over anonymous CVS:
-    cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin
+    cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin
     login
     [Password: simply press the Enter key]
-    cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/
+    cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/
     phpmyadmin checkout phpMyAdmin
     [This will create a new sub-directory named phpMyAdmin]
  2. add your stuff
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/common.lib.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/common.lib.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/common.lib.php   2006-05-14 
18:46:51.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/common.lib.php   2006-06-30 
15:11:04.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: common.lib.php,v 2.266.2.23.2.1 2006/05/14 16:46:51 nijel Exp $ */
+/* $Id: common.lib.php,v 2.266.2.27 2006/06/30 13:11:04 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 /**
@@ -2584,7 +2584,9 @@
             if (strtoupper($default) == 'NULL') {
                 $query .= ' DEFAULT NULL';
             } else {
-                $query .= ' DEFAULT \'' . PMA_sqlAddslashes($default) . '\'';
+                if (!empty($default) || $default == '0') {
+                    $query .= ' DEFAULT \'' . PMA_sqlAddslashes($default) . 
'\'';
+                }
             }
         }
 
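Review bot: with `if (!empty($default) || $default == '0')`, an empty-string default now produces no DEFAULT clause at all rather than `DEFAULT ''`, so an explicit empty-string default can no longer be expressed through this path; if that is the intent (bug #1475949 in the ChangeLog reads "removing the default value"), a comment saying so would help, otherwise test against the form's "no default" marker instead. Also prefer the strict `$default === '0'`: the only reason for the extra comparison is that `empty('0')` is true in PHP, and `===` makes that purpose explicit.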
@@ -2932,6 +2934,9 @@
             unset($_GET[$key]);
             unset($_POST[$key]);
             unset($GLOBALS[$key]);
+        } else {
+            // allowed stuff could be compromised so escape it
+            $_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
         }
     }
 }
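Review bot: the new `else` branch escapes only `$_REQUEST[$key]`; the `$_GET`, `$_POST` and `$GLOBALS` copies that the `if` branch unsets are left untouched here, so code that reads an allowed parameter via `$_GET[$key]` or `$_POST[$key]` still sees the raw value. Either escape all views of the parameter or document that allowed keys must be read only from `$_REQUEST`. Also guard with `is_array()`: `htmlspecialchars()` on an array value (an `x[]=` parameter) raises a warning and returns null, silently dropping the parameter. Finally, escaping at input time means any value later passed through `htmlspecialchars()` again at output is double-encoded; the comment `allowed stuff could be compromised so escape it` should state that these keys are treated as HTML-safe from here on so callers know not to re-escape.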
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/Config.class.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/Config.class.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/Config.class.php 2006-05-20 
19:15:21.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/Config.class.php 2006-06-30 
15:46:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: Config.class.php,v 1.21.2.15.2.1 2006/05/20 17:15:21 lem9 Exp $ */
+/* $Id: Config.class.php,v 1.21.2.18 2006/06/30 13:46:11 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 class PMA_Config
@@ -76,7 +76,7 @@
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '2.8.1');
+        $this->set('PMA_VERSION', '2.8.2');
         /**
          * @deprecated
          */
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/display_export.lib.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/display_export.lib.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/display_export.lib.php   
2006-01-17 18:02:30.000000000 +0100
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/display_export.lib.php   
2006-06-15 22:22:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: display_export.lib.php,v 2.47 2006/01/17 17:02:30 cybot_tm Exp $ */
+/* $Id: display_export.lib.php,v 2.47.2.1 2006/06/15 20:22:56 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 // Get relations & co. status
@@ -36,7 +36,7 @@
 <?php
 $hide_structure = false;
 $hide_sql       = false;
-$hide_xml       = (bool) (isset($db) && strlen($db));
+$hide_xml       = (bool) ! (isset($db) && strlen($db));
 if ($export_type == 'server') {
     echo PMA_generate_common_hidden_inputs('', '', 1);
 } elseif ($export_type == 'database') {
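Review bot: the `(bool)` cast in `$hide_xml = (bool) ! (isset($db) && strlen($db));` is redundant now that `!` already yields a boolean; `$hide_xml = !(isset($db) && strlen($db));` reads more clearly. The inversion itself matches the ChangeLog entry "reenable XML option in export": the option is now hidden only when no database is selected, rather than whenever one is.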
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/main.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/main.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/main.php   2006-04-24 09:30:14.000000000 
+0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/main.php   2006-05-29 18:09:30.000000000 
+0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: main.php,v 2.100.2.2 2006/04/24 07:30:14 nijel Exp $ */
+/* $Id: main.php,v 2.100.2.3 2006/05/29 16:09:30 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 /**
@@ -283,7 +283,7 @@
 ?>
     <li><bdo xml:lang="en" dir="ltr">
         [<a href="changelog.php" target="_blank">ChangeLog</a>]
-        [<a 
href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpmyadmin/phpMyAdmin/";
+        [<a href="http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/";
             target="_blank">CVS</a>]
         [<a href="http://sourceforge.net/mail/?group_id=23067";
             target="_blank">Lists</a>]
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/README 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/README
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/README     2006-05-20 19:17:03.000000000 
+0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/README     2006-06-30 15:48:13.000000000 
+0200
@@ -1,11 +1,11 @@
-$Id: README,v 2.40.2.6.2.1 2006/05/20 17:17:03 lem9 Exp $
+$Id: README,v 2.40.2.8 2006/06/30 13:48:13 lem9 Exp $
 
 phpMyAdmin - Readme
 ===================
 
   A set of PHP-scripts to manage MySQL over the web.
 
-  Version 2.8.1
+  Version 2.8.2
   -------------
   http://www.phpmyadmin.net/
 
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.1 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.1
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.1 2006-05-20 
19:33:32.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.1 1970-01-01 
01:00:00.000000000 +0100
@@ -1 +0,0 @@
-Sat May 20 17:33:32 UTC 2006
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.2 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.2
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.2 1970-01-01 
01:00:00.000000000 +0100
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.2 2006-06-30 
15:55:32.000000000 +0200
@@ -0,0 +1 @@
+Fri Jun 30 13:55:32 UTC 2006
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/scripts/setup.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/scripts/setup.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/scripts/setup.php  2006-05-15 
09:57:09.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/scripts/setup.php  2006-05-15 
09:57:30.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: setup.php,v 1.23.2.8.2.2 2006/05/15 07:57:09 nijel Exp $ */
+/* $Id: setup.php,v 1.23.2.10 2006/05/15 07:57:30 nijel Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 // phpMyAdmin setup script by Michal Čihař <[EMAIL PROTECTED]>
@@ -14,7 +14,7 @@
 
 // Script information
 $script_info = 'phpMyAdmin ' . $PMA_Config->get('PMA_VERSION') . ' setup 
script by Michal Čihař <[EMAIL PROTECTED]>';
-$script_version = '$Id: setup.php,v 1.23.2.8.2.2 2006/05/15 07:57:09 nijel Exp 
$';
+$script_version = '$Id: setup.php,v 1.23.2.10 2006/05/15 07:57:30 nijel Exp $';
 
 // Grab action
 if (isset($_POST['action'])) {
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/server_privileges.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/server_privileges.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/server_privileges.php      2006-03-14 
18:32:19.000000000 +0100
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/server_privileges.php      2006-05-17 
12:24:14.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: server_privileges.php,v 2.91.2.2 2006/03/14 17:32:19 lem9 Exp $ */
+/* $Id: server_privileges.php,v 2.91.2.3 2006/05/17 10:24:14 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 require_once('./libraries/common.lib.php');
@@ -764,15 +764,12 @@
             'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \''
             . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
         if ($pred_password != 'none' && $pred_password != 'keep') {
-            $pma_pw_hidden = '';
-            for ($i = 0; $i < strlen($pma_pw); $i++) {
-                $pma_pw_hidden .= '*';
-            }
+            $pma_pw_hidden = str_repeat('*', strlen($pma_pw));
             $sql_query = $real_sql_query . ' IDENTIFIED BY \'' . 
$pma_pw_hidden . '\'';
-            $real_sql_query .= ' IDENTIFIED BY \'' . $pma_pw . '\'';
+            $real_sql_query .= ' IDENTIFIED BY \'' . 
PMA_sqlAddslashes($pma_pw) . '\'';
             if ( isset( $create_user_real ) ) {
                 $create_user_show = $create_user_real . ' IDENTIFIED BY \'' . 
$pma_pw_hidden . '\'';
-                $create_user_real .= ' IDENTIFIED BY \'' . $pma_pw . '\'';
+                $create_user_real .= ' IDENTIFIED BY \'' . 
PMA_sqlAddslashes($pma_pw) . '\'';
             }
         } else {
             if ($pred_password == 'keep' && !empty($password)) {
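Review bot: the password is now passed through `PMA_sqlAddslashes()` in both `IDENTIFIED BY` clauses, but in the context lines above it, `$hostname` is concatenated into the GRANT statement unescaped while `$username` is escaped (`PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''`); unless `$hostname` is validated earlier, it should receive the same treatment. Separately, `str_repeat('*', strlen($pma_pw))` reveals the password length in the displayed query; a fixed-length mask such as `'***'` avoids that.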
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/translators.html 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/translators.html
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/translators.html   2006-05-20 
19:17:23.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/translators.html   2006-06-30 
15:47:15.000000000 +0200
@@ -1,13 +1,13 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
 <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en-US" lang="en-US">
-<!-- $Id: translators.html,v 2.64.2.6.2.1 2006/05/20 17:17:23 lem9 Exp $ -->
+<!-- $Id: translators.html,v 2.64.2.8 2006/06/30 13:47:15 lem9 Exp $ -->
 
 <head>
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-    <title>phpMyAdmin 2.8.1 - Official translators</title>
+    <title>phpMyAdmin 2.8.2 - Official translators</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -29,7 +29,7 @@
 <hr noshade="noshade" width="100%" />
 </div>
 
-<h1>phpMyAdmin 2.8.1 official translators list</h1>
+<h1>phpMyAdmin 2.8.2 official translators list</h1>
 
 <p>
     Here is the list of the &quot;official translators&quot; of
