~ubuntu-branches/ubuntu/lucid/phpmyadmin/lucid

Viewing changes to libraries/common.inc.php

Committer: Bazaar Package Importer
Author(s): Thijs Kinkhorst
Date: 2008-07-15 20:41:25 UTC
mfrom: (1.1.22 upstream)
Revision ID: james.westby@ubuntu.com-20080715204125-l55hj3njg6bhjkaj

Tags: 4:2.11.7.1-1

* New upstream release.
* Fixes security issue: XSRF/CSRF by manipulating the
db, convcharset and collation_connection parameters.

files added:
RELEASE-DATE-2.11.7.1

files removed:
RELEASE-DATE-2.11.7

files modified:
ChangeLog

Documentation.html

Documentation.txt

README

db_create.php

debian/changelog

debian/copyright

debian/patches/040-fix-documentation-links.dpatch

index.php

js/querywindow.js

libraries/Config.class.php

libraries/common.inc.php

libraries/display_create_database.lib.php

libraries/footer.inc.php

translators.html

Show diffs side-by-side

added added

removed removed

libraries/common.inc.php

* - db connection

* - authentication work

* @version $Id: common.inc.php 11326 2008-06-17 21:32:48Z lem9 $

* @version $Id: common.inc.php 11391 2008-07-15 14:40:42Z lem9 $

/**

398

* List of parameters which are allowed from unsafe source

399

400

$allow_list = array(

401

'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',

401

/* needed for direct access, see FAQ 1.34

402

* also, server needed for cookie login screen (multi-server)

403

404

'server', 'db', 'table', 'target',

402

405

/* Session ID */

403

406

'phpMyAdmin',

404

407

/* Cookie preferences */

Older »