File: 030_CVE-2007-0203.patch

package info (click to toggle)
phpmyadmin 4%3A2.9.1.1-13
  • links: PTS
  • area: main
  • in suites: etch
  • size: 13,324 kB
  • ctags: 119,177
  • sloc: php: 148,860; sh: 645; sql: 224; perl: 142
file content (52 lines) | stat: -rw-r--r-- 3,213 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
diff -Nur phpMyAdmin-2.9.1.1-all-languages-utf-8-only.orig/index.php phpMyAdmin-2.9.1.1-all-languages-utf-8-only/index.php
--- phpMyAdmin-2.9.1.1-all-languages-utf-8-only.orig/index.php	2006-11-19 01:28:34.000000000 +0100
+++ phpMyAdmin-2.9.1.1-all-languages-utf-8-only/index.php	2007-01-12 15:24:26.000000000 +0100
@@ -116,18 +116,18 @@
 <script type="text/javascript" language="javascript">
 // <![CDATA[
     // definitions used in querywindow.js
-    var common_query = '<?php echo PMA_generate_common_url('', '', '&');?>';
-    var opendb_url = '<?php echo $GLOBALS['cfg']['DefaultTabDatabase']; ?>';
+    var common_query = '<?php echo PMA_escapeJsString(PMA_generate_common_url('', '', '&'));?>';
+    var opendb_url = '<?php echo PMA_escapeJsString($GLOBALS['cfg']['DefaultTabDatabase']); ?>';
     var safari_browser = <?php echo PMA_USR_BROWSER_AGENT == 'SAFARI' ? 'true' : 'false' ?>;
-    var querywindow_height = <?php echo $GLOBALS['cfg']['QueryWindowHeight']; ?>;
-    var querywindow_width = <?php echo $GLOBALS['cfg']['QueryWindowWidth']; ?>;
-    var collation_connection = '<?php echo $GLOBALS['collation_connection']; ?>';
-    var lang = '<?php echo $GLOBALS['lang']; ?>';
-    var server = '<?php echo $GLOBALS['server']; ?>';
-    var table = '<?php echo $GLOBALS['table']; ?>';
-    var db    = '<?php echo $GLOBALS['db']; ?>';
-    var text_dir = '<?php echo $GLOBALS['text_dir']; ?>';
-    var pma_absolute_uri = '<?php echo $GLOBALS['cfg']['PmaAbsoluteUri']; ?>';
+    var querywindow_height = <?php echo PMA_escapeJsString($GLOBALS['cfg']['QueryWindowHeight']); ?>;
+    var querywindow_width = <?php echo PMA_escapeJsString($GLOBALS['cfg']['QueryWindowWidth']); ?>;
+    var collation_connection = '<?php echo PMA_escapeJsString($GLOBALS['collation_connection']); ?>';
+    var lang = '<?php echo PMA_escapeJsString($GLOBALS['lang']); ?>';
+    var server = '<?php echo PMA_escapeJsString($GLOBALS['server']); ?>';
+    var table = '<?php echo PMA_escapeJsString($GLOBALS['table']); ?>';
+    var db    = '<?php echo PMA_escapeJsString($GLOBALS['db']); ?>';
+    var text_dir = '<?php echo PMA_escapeJsString($GLOBALS['text_dir']); ?>';
+    var pma_absolute_uri = '<?php echo PMA_escapeJsString($GLOBALS['cfg']['PmaAbsoluteUri']); ?>';
 // ]]>
 </script>
 <script src="./js/querywindow.js" type="text/javascript" language="javascript">
diff -Nur phpMyAdmin-2.9.1.1-all-languages-utf-8-only.orig/libraries/session.inc.php phpMyAdmin-2.9.1.1-all-languages-utf-8-only/libraries/session.inc.php
--- phpMyAdmin-2.9.1.1-all-languages-utf-8-only.orig/libraries/session.inc.php	2006-11-19 01:28:34.000000000 +0100
+++ phpMyAdmin-2.9.1.1-all-languages-utf-8-only/libraries/session.inc.php	2007-01-12 15:27:09.000000000 +0100
@@ -78,7 +78,14 @@
 // session.save_handler is set to another value like "user"
 ini_set('session.save_handler', 'files');
 
-@session_name('phpMyAdmin');
+$session_name = 'phpMyAdmin';
+@session_name($session_name);
+// strictly, PHP 4 since 4.4.2 would not need a verification 
+if (version_compare(PHP_VERSION, '5.1.2', 'lt') 
+ && isset($_COOKIE[$session_name]) 
+ && eregi("\r|\n", $_COOKIE[$session_name])) {
+    die('attacked'); 
+}
 @session_start();
 
 /**