3 files changed, 114 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch
new file mode 100644
index 000000000..27eac7762
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch
@@ -0,0 +1,29 @@
+From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj@gmail.com>
+Date: Sun, 17 Aug 2014 08:52:05 -0400
+Subject: [PATCH] bug #4504 [security] Self-XSS in query charts
+Upstream-status: Backport
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+---
+ js/tbl_chart.js |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+ 4.2.7.0 (2014-07-31)
+diff --git a/js/tbl_chart.js b/js/tbl_chart.js
+index 943d4ae..04c9c40 100644
+--- a/js/tbl_chart.js
+++ b/js/tbl_chart.js
+@@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) {
+         },
+         axes : {
+             xaxis : {
+-                label : settings.xaxisLabel
+                label : escapeHtml(settings.xaxisLabel)
+             },
+             yaxis : {
+                 label : settings.yaxisLabel
+-- 
+1.7.10.4
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
new file mode 100644
index 000000000..164a072ef
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
@@ -0,0 +1,43 @@
+From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj@gmail.com>
+Date: Sun, 17 Aug 2014 08:41:57 -0400
+Subject: [PATCH] bug #4505 [security] XSS in view operations page
+Upstream-Status: Backport
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+---
+ ChangeLog       |    3 +++
+ js/functions.js |    2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+diff --git a/ChangeLog b/ChangeLog
+index 7afac1a..cec9d77 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ phpMyAdmin - ChangeLog
+ ======================
+ 
+4.2.7.1 (2014-08-17)
+- bug #4505 [security] XSS in view operations page
+
+ 4.2.7.0 (2014-07-31)
+ - bug       Broken links on home page
+ - bug #4494 Overlap in navigation panel
+diff --git a/js/functions.js b/js/functions.js
+index 09bfeda..a970a81 100644
+--- a/js/functions.js
+++ b/js/functions.js
+@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () {
+         var question = PMA_messages.strDropTableStrongWarning + ' ';
+         question += $.sprintf(
+             PMA_messages.strDoYouReally,
+-            'DROP VIEW ' + PMA_commonParams.get('table')
+            'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table'))
+         );
+ 
+         $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
+-- 
+1.7.10.4
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
new file mode 100644
index 000000000..94cbd865c
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+Alias /phpmyadmin /usr/share/phpmyadmin
+<Directory /usr/share/phpmyadmin>
+        Options FollowSymLinks
+        DirectoryIndex index.php
+        Require all granted
+        <IfModule mod_php5.c>
+                AddType application/x-httpd-php .php
+                php_flag magic_quotes_gpc Off
+                php_flag track_vars On
+                php_flag register_globals Off
+                php_admin_flag allow_url_fopen Off
+                php_value include_path .
+                php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+                php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
+        </IfModule>
+</Directory>
+# Authorize for setup
+<Directory /usr/share/phpmyadmin/setup>
+    <IfModule mod_authn_file.c>
+    AuthType Basic
+    AuthName "phpMyAdmin Setup"
+    AuthUserFile /etc/phpmyadmin/htpasswd.setup
+    </IfModule>
+    Require valid-user
+</Directory>
+# Disallow web access to directories that don't need it
+<Directory /usr/share/phpmyadmin/libraries>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+<Directory /usr/share/phpmyadmin/setup/lib>
+    Order Deny,Allow
+    Deny from All
+</Directory>

diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch new file mode 100644 index 000000000..27eac7762 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch
@@ -0,0 +1,29 @@
	1	From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001
	2	From: Madhura Jayaratne <madhura.cj@gmail.com>
	3	Date: Sun, 17 Aug 2014 08:52:05 -0400
	4	Subject: [PATCH] bug #4504 [security] Self-XSS in query charts
	5
	6	Upstream-status: Backport
	7
	8	Signed-off-by: Marc Delisle <marc@infomarc.info>
	9	---
	10	js/tbl_chart.js \| 2 +-
	11	2 files changed, 2 insertions(+), 1 deletion(-)
	12
	13	4.2.7.0 (2014-07-31)
	14	diff --git a/js/tbl_chart.js b/js/tbl_chart.js
	15	index 943d4ae..04c9c40 100644
	16	--- a/js/tbl_chart.js
	17	+++ b/js/tbl_chart.js
	18	@@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) {
	19	},
	20	axes : {
	21	xaxis : {
	22	- label : settings.xaxisLabel
	23	+ label : escapeHtml(settings.xaxisLabel)
	24	},
	25	yaxis : {
	26	label : settings.yaxisLabel
	27	--
	28	1.7.10.4
	29


diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch new file mode 100644 index 000000000..164a072ef --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
@@ -0,0 +1,43 @@
	1	From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001
	2	From: Madhura Jayaratne <madhura.cj@gmail.com>
	3	Date: Sun, 17 Aug 2014 08:41:57 -0400
	4	Subject: [PATCH] bug #4505 [security] XSS in view operations page
	5
	6	Upstream-Status: Backport
	7
	8	Signed-off-by: Marc Delisle <marc@infomarc.info>
	9	---
	10	ChangeLog \| 3 +++
	11	js/functions.js \| 2 +-
	12	2 files changed, 4 insertions(+), 1 deletion(-)
	13
	14	diff --git a/ChangeLog b/ChangeLog
	15	index 7afac1a..cec9d77 100644
	16	--- a/ChangeLog
	17	+++ b/ChangeLog
	18	@@ -1,6 +1,9 @@
	19	phpMyAdmin - ChangeLog
	20	======================
	21
	22	+4.2.7.1 (2014-08-17)
	23	+- bug #4505 [security] XSS in view operations page
	24	+
	25	4.2.7.0 (2014-07-31)
	26	- bug Broken links on home page
	27	- bug #4494 Overlap in navigation panel
	28	diff --git a/js/functions.js b/js/functions.js
	29	index 09bfeda..a970a81 100644
	30	--- a/js/functions.js
	31	+++ b/js/functions.js
	32	@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () {
	33	var question = PMA_messages.strDropTableStrongWarning + ' ';
	34	question += $.sprintf(
	35	PMA_messages.strDoYouReally,
	36	- 'DROP VIEW ' + PMA_commonParams.get('table')
	37	+ 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table'))
	38	);
	39
	40	$(this).PMA_confirm(question, $(this).attr('href'), function (url) {
	41	--
	42	1.7.10.4
	43


diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf new file mode 100644 index 000000000..94cbd865c --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
@@ -0,0 +1,42 @@
	1	# phpMyAdmin default Apache configuration
	2
	3	Alias /phpmyadmin /usr/share/phpmyadmin
	4
	5	<Directory /usr/share/phpmyadmin>
	6	Options FollowSymLinks
	7	DirectoryIndex index.php
	8	Require all granted
	9
	10	<IfModule mod_php5.c>
	11	AddType application/x-httpd-php .php
	12
	13	php_flag magic_quotes_gpc Off
	14	php_flag track_vars On
	15	php_flag register_globals Off
	16	php_admin_flag allow_url_fopen Off
	17	php_value include_path .
	18	php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
	19	php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
	20	</IfModule>
	21	</Directory>
	22
	23	# Authorize for setup
	24	<Directory /usr/share/phpmyadmin/setup>
	25	<IfModule mod_authn_file.c>
	26	AuthType Basic
	27	AuthName "phpMyAdmin Setup"
	28	AuthUserFile /etc/phpmyadmin/htpasswd.setup
	29	</IfModule>
	30	Require valid-user
	31	</Directory>
	32
	33	# Disallow web access to directories that don't need it
	34	<Directory /usr/share/phpmyadmin/libraries>
	35	Order Deny,Allow
	36	Deny from All
	37	</Directory>
	38	<Directory /usr/share/phpmyadmin/setup/lib>
	39	Order Deny,Allow
	40	Deny from All
	41	</Directory>
	42