/[smecontribs]/rpms/phpMyAdmin/contribs10/phpMyAdmin-4.4.15.10-pmasa-2018-1.patch
ViewVC logotype

Annotation of /rpms/phpMyAdmin/contribs10/phpMyAdmin-4.4.15.10-pmasa-2018-1.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sun Feb 28 06:34:57 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: phpMyAdmin-4_4_15_10-4_el7
from epel

1 jpp 1.1 Backported patch for phpMyAdmin 4.4.x; a self-cross site scripting (XSS) vulnerability has been
2     reported relating to the central columns feature.
3    
4     Further details:
5     - https://www.phpmyadmin.net/security/PMASA-2018-1/
6     - https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
7    
8     --- phpMyAdmin-4.4.15.10/db_central_columns.php 2017-01-23 20:08:47.000000000 +0100
9     +++ phpMyAdmin-4.4.15.10/db_central_columns.php.pmasa-2018-1 2018-05-16 12:04:20.000000000 +0200
10     @@ -71,7 +71,9 @@
11     $col_name[] = $_REQUEST['col_name'];
12     $tmp_msg = PMA_deleteColumnsFromList($col_name, false);
13     }
14     -if (isset($_REQUEST['total_rows']) && $_REQUEST['total_rows']) {
15     +if (!empty($_REQUEST['total_rows'])
16     + && PMA_isValid($_REQUEST['total_rows'], 'integer')
17     +) {
18     $total_rows = $_REQUEST['total_rows'];
19     } else {
20     $total_rows = PMA_getCentralColumnsCount($db);

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed