The branch, MAINT_3_3_10 has been updated
via 6cb0ad8a0de2890ef9cf895804455d1d6206df72 (commit)
via 2254a70fad144a2b6b3820c325be7304765e41d7 (commit)
via 8ac8328229ae7493d6060b6272578d85879c698d (commit)
via 630b8260be45eb9b211f5d7628dbb9e5c1b05bc6 (commit)
via f6f6ee3f1171addb166fa18e75a0b56599bf374c (commit)
from ab31a2565f494c69e6b0d9a82a2932c7656592b5 (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 4 ++++
libraries/auth/swekey/swekey.auth.lib.php | 12 +++++++-----
tbl_printview.php | 4 ++--
3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3816fdc..54ef4ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL:
https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog
$
+3.3.10.3 (2011-07-23)
+- [security] Fixed XSS vulnerability, see PMASA-2011-9
+- [security] Fixed possible session manipulation in swekey authentication, see
PMASA-2011-12
+
3.3.10.2 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see
PMASA-2011-5
- [security] Fixed possible code injection incase session variables are
compromised, see PMASA-2011-6
diff --git a/libraries/auth/swekey/swekey.auth.lib.php
b/libraries/auth/swekey/swekey.auth.lib.php
index 2a790c4..197de1c 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -143,7 +143,9 @@ function Swekey_auth_error()
return "Internal Error: CA File $caFile not found";
$result = null;
- parse_str($_SERVER['QUERY_STRING']);
+ $swekey_id = $_GET['swekey_id'];
+ $swekey_otp = $_GET['swekey_otp'];
+
if (isset($swekey_id)) {
unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
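Review bot: `$_GET['swekey_id']` and `$_GET['swekey_otp']` are read unconditionally on the two new assignment lines, so a request that carries neither parameter raises an undefined-index notice before the existing `isset($swekey_id)` check is even reached. Reading them guarded keeps the null semantics the check expects: `$swekey_id = isset($_GET['swekey_id']) ? $_GET['swekey_id'] : null;` and the same form for `$swekey_otp`. The replaced parse_str() call would have populated `$swekey_id` (and any other local) from arbitrary query-string keys, so the explicit reads do close that variable-injection surface; what the values are later compared against lies outside this hunk, as does the rest of Swekey_auth_error's body.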
@@ -166,7 +168,7 @@ function Swekey_auth_error()
$result = $GLOBALS['strSwekeyNoKey'];
if ($_SESSION['SWEKEY']['CONF_DEBUG'])
{
- $result .= "<br>".$swekey_id;
+ $result .= "<br>" . htmlspecialchars($swekey_id);
}
unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf
file
}
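Review bot: `htmlspecialchars($swekey_id)` on the debug line relies on the function's default flags and charset, which on the PHP versions this 3.3 branch targets means ENT_COMPAT and ISO-8859-1; passing them explicitly, `htmlspecialchars($swekey_id, ENT_QUOTES, 'UTF-8')`, makes the escaping independent of interpreter version and configuration. The same applies to the two htmlspecialchars() calls added in tbl_printview.php. Since `$swekey_id` comes straight from `$_GET` it may also arrive as an array rather than a string, in which case htmlspecialchars() emits a warning and returns null instead of escaped text; an is_string() check or string cast before use would harden the debug output. The enclosing if/else and the function continue outside the hunk.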
@@ -186,16 +188,16 @@ function Swekey_auth_error()
<script>
if (key.length != 32)
{
- window.location.search="?swekey_id=" + key;
+ window.location.search="?swekey_id=" + key + "&token=<?php echo
$_SESSION[' PMA_token ']; ?>";
}
else
{
var url = "" + window.location;
if (url.indexOf("?") > 0)
url = url.substr(0, url.indexOf("?"));
- Swekey_SetUnplugUrl(key, "pma_login", url +
"?session_to_unset=<?php echo session_id();?>");
+ Swekey_SetUnplugUrl(key, "pma_login", url +
"?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION['
PMA_token ']; ?>");
var otp = Swekey_GetOtp(key, <?php echo
'"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
- window.location.search="?swekey_id=" + key + "&swekey_otp=" +
otp;
+ window.location.search="?swekey_id=" + key + "&swekey_otp=" +
otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
}
</script>
<?php
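Review bot: The session token `$_SESSION[' PMA_token ']` is echoed into three separate JavaScript string literals in this hunk, one per URL builder, which is easy to let drift the next time a redirect is added. Hoisting it once at the top of the script, `var token = "<?php echo $_SESSION[' PMA_token ']; ?>";`, and appending `+ "&token=" + token` in each branch keeps the three in sync and leaves a single place to escape the value. The token is presumably server-generated rather than user input, so the raw echo is likely safe, but wrapping it with json_encode() before embedding would stop that depending on the token's alphabet. Note that `key` is still concatenated into the URLs without encodeURIComponent(), though that predates this change; the script block and the function continue outside the hunk.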
diff --git a/tbl_printview.php b/tbl_printview.php
index c5b17ab..2b38e24 100644
--- a/tbl_printview.php
+++ b/tbl_printview.php
@@ -72,7 +72,7 @@ if ($multi_tables) {
$tbl_list .= (empty($tbl_list) ? '' : ', ')
. PMA_backquote($table);
}
- echo '<strong>'. $strShowTables . ': ' . $tbl_list . '</strong>' . "\n";
+ echo '<strong>'. $strShowTables . ': ' . htmlspecialchars($tbl_list) .
'</strong>' . "\n";
echo '<hr />' . "\n";
} // end if
@@ -87,7 +87,7 @@ foreach ($the_tables as $key => $table) {
}
$counter++;
echo '<div' . $breakstyle . '>' . "\n";
- echo '<h1>' . $table . '</h1>' . "\n";
+ echo '<h1>' . htmlspecialchars($table) . '</h1>' . "\n";
/**
* Gets table informations
hooks/post-receive
--
phpMyAdmin