/[smecontribs]/rpms/phpMyAdmin/contribs10/phpMyAdmin-4.4.15.10-pmasa-2018-1.patch
ViewVC logotype

Contents of /rpms/phpMyAdmin/contribs10/phpMyAdmin-4.4.15.10-pmasa-2018-1.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.2 - (show annotations) (download)
Sun Feb 28 08:33:44 2021 UTC (3 years, 3 months ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED 
* Sun Feb 28 2021 Jean-Philipe Pialasse <tests@pialasse.com> 5.1.0-1.sme
- Upgrade to 5.1.0 [SME: 11043]
  use epel spec with some modifications from remi
1 Backported patch for phpMyAdmin 4.4.x; a self-cross site scripting (XSS) vulnerability has been
2 reported relating to the central columns feature.
3
4 Further details:
5 - https://www.phpmyadmin.net/security/PMASA-2018-1/
6 - https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
7
8 --- phpMyAdmin-4.4.15.10/db_central_columns.php 2017-01-23 20:08:47.000000000 +0100
9 +++ phpMyAdmin-4.4.15.10/db_central_columns.php.pmasa-2018-1 2018-05-16 12:04:20.000000000 +0200
10 @@ -71,7 +71,9 @@
11 $col_name[] = $_REQUEST['col_name'];
12 $tmp_msg = PMA_deleteColumnsFromList($col_name, false);
13 }
14 -if (isset($_REQUEST['total_rows']) && $_REQUEST['total_rows']) {
15 +if (!empty($_REQUEST['total_rows'])
16 + && PMA_isValid($_REQUEST['total_rows'], 'integer')
17 +) {
18 $total_rows = $_REQUEST['total_rows'];
19 } else {
20 $total_rows = PMA_getCentralColumnsCount($db);
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed