phpMyAdmin/contribs10/phpMyAdmin-4.4.15.10-pmasa-2018-1.patch

Backported patch for phpMyAdmin 4.4.x; a self-cross site scripting (XSS) vulnerability has been
reported relating to the central columns feature.

Further details:
 - https://www.phpmyadmin.net/security/PMASA-2018-1/
 - https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3

--- phpMyAdmin-4.4.15.10/db_central_columns.php                 2017-01-23 20:08:47.000000000 +0100
+++ phpMyAdmin-4.4.15.10/db_central_columns.php.pmasa-2018-1    2018-05-16 12:04:20.000000000 +0200
@@ -71,7 +71,9 @@
     $col_name[] = $_REQUEST['col_name'];
     $tmp_msg = PMA_deleteColumnsFromList($col_name, false);
 }
-if (isset($_REQUEST['total_rows']) && $_REQUEST['total_rows']) {
+if (!empty($_REQUEST['total_rows'])
+    && PMA_isValid($_REQUEST['total_rows'], 'integer')
+) {
     $total_rows = $_REQUEST['total_rows'];
 } else {
     $total_rows = PMA_getCentralColumnsCount($db);
1	jpp	1.1	Backported patch for phpMyAdmin 4.4.x; a self-cross site scripting (XSS) vulnerability has been
2			reported relating to the central columns feature.
3
4			Further details:
5			- https://www.phpmyadmin.net/security/PMASA-2018-1/
6			- https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
7
8			--- phpMyAdmin-4.4.15.10/db_central_columns.php 2017-01-23 20:08:47.000000000 +0100
9			+++ phpMyAdmin-4.4.15.10/db_central_columns.php.pmasa-2018-1 2018-05-16 12:04:20.000000000 +0200
10			@@ -71,7 +71,9 @@
11			$col_name[] = $_REQUEST['col_name'];
12			$tmp_msg = PMA_deleteColumnsFromList($col_name, false);
13			}
14			-if (isset($_REQUEST['total_rows']) && $_REQUEST['total_rows']) {
15			+if (!empty($_REQUEST['total_rows'])
16			+ && PMA_isValid($_REQUEST['total_rows'], 'integer')
17			+) {
18			$total_rows = $_REQUEST['total_rows'];
19			} else {
20			$total_rows = PMA_getCentralColumnsCount($db);