diff options
Diffstat (limited to 'meta-webserver/recipes-php/phpmyadmin/phpmyadmin')
3 files changed, 114 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch new file mode 100644 index 000000000..27eac7762 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001 | ||
2 | From: Madhura Jayaratne <madhura.cj@gmail.com> | ||
3 | Date: Sun, 17 Aug 2014 08:52:05 -0400 | ||
4 | Subject: [PATCH] bug #4504 [security] Self-XSS in query charts | ||
5 | |||
6 | Upstream-status: Backport | ||
7 | |||
8 | Signed-off-by: Marc Delisle <marc@infomarc.info> | ||
9 | --- | ||
10 | js/tbl_chart.js | 2 +- | ||
11 | 2 files changed, 2 insertions(+), 1 deletion(-) | ||
12 | |||
13 | 4.2.7.0 (2014-07-31) | ||
14 | diff --git a/js/tbl_chart.js b/js/tbl_chart.js | ||
15 | index 943d4ae..04c9c40 100644 | ||
16 | --- a/js/tbl_chart.js | ||
17 | +++ b/js/tbl_chart.js | ||
18 | @@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) { | ||
19 | }, | ||
20 | axes : { | ||
21 | xaxis : { | ||
22 | - label : settings.xaxisLabel | ||
23 | + label : escapeHtml(settings.xaxisLabel) | ||
24 | }, | ||
25 | yaxis : { | ||
26 | label : settings.yaxisLabel | ||
27 | -- | ||
28 | 1.7.10.4 | ||
29 | |||
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch new file mode 100644 index 000000000..164a072ef --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001 | ||
2 | From: Madhura Jayaratne <madhura.cj@gmail.com> | ||
3 | Date: Sun, 17 Aug 2014 08:41:57 -0400 | ||
4 | Subject: [PATCH] bug #4505 [security] XSS in view operations page | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Signed-off-by: Marc Delisle <marc@infomarc.info> | ||
9 | --- | ||
10 | ChangeLog | 3 +++ | ||
11 | js/functions.js | 2 +- | ||
12 | 2 files changed, 4 insertions(+), 1 deletion(-) | ||
13 | |||
14 | diff --git a/ChangeLog b/ChangeLog | ||
15 | index 7afac1a..cec9d77 100644 | ||
16 | --- a/ChangeLog | ||
17 | +++ b/ChangeLog | ||
18 | @@ -1,6 +1,9 @@ | ||
19 | phpMyAdmin - ChangeLog | ||
20 | ====================== | ||
21 | |||
22 | +4.2.7.1 (2014-08-17) | ||
23 | +- bug #4505 [security] XSS in view operations page | ||
24 | + | ||
25 | 4.2.7.0 (2014-07-31) | ||
26 | - bug Broken links on home page | ||
27 | - bug #4494 Overlap in navigation panel | ||
28 | diff --git a/js/functions.js b/js/functions.js | ||
29 | index 09bfeda..a970a81 100644 | ||
30 | --- a/js/functions.js | ||
31 | +++ b/js/functions.js | ||
32 | @@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () { | ||
33 | var question = PMA_messages.strDropTableStrongWarning + ' '; | ||
34 | question += $.sprintf( | ||
35 | PMA_messages.strDoYouReally, | ||
36 | - 'DROP VIEW ' + PMA_commonParams.get('table') | ||
37 | + 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table')) | ||
38 | ); | ||
39 | |||
40 | $(this).PMA_confirm(question, $(this).attr('href'), function (url) { | ||
41 | -- | ||
42 | 1.7.10.4 | ||
43 | |||
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf new file mode 100644 index 000000000..94cbd865c --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf | |||
@@ -0,0 +1,42 @@ | |||
1 | # phpMyAdmin default Apache configuration | ||
2 | |||
3 | Alias /phpmyadmin /usr/share/phpmyadmin | ||
4 | |||
5 | <Directory /usr/share/phpmyadmin> | ||
6 | Options FollowSymLinks | ||
7 | DirectoryIndex index.php | ||
8 | Require all granted | ||
9 | |||
10 | <IfModule mod_php5.c> | ||
11 | AddType application/x-httpd-php .php | ||
12 | |||
13 | php_flag magic_quotes_gpc Off | ||
14 | php_flag track_vars On | ||
15 | php_flag register_globals Off | ||
16 | php_admin_flag allow_url_fopen Off | ||
17 | php_value include_path . | ||
18 | php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp | ||
19 | php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ | ||
20 | </IfModule> | ||
21 | </Directory> | ||
22 | |||
23 | # Authorize for setup | ||
24 | <Directory /usr/share/phpmyadmin/setup> | ||
25 | <IfModule mod_authn_file.c> | ||
26 | AuthType Basic | ||
27 | AuthName "phpMyAdmin Setup" | ||
28 | AuthUserFile /etc/phpmyadmin/htpasswd.setup | ||
29 | </IfModule> | ||
30 | Require valid-user | ||
31 | </Directory> | ||
32 | |||
33 | # Disallow web access to directories that don't need it | ||
34 | <Directory /usr/share/phpmyadmin/libraries> | ||
35 | Order Deny,Allow | ||
36 | Deny from All | ||
37 | </Directory> | ||
38 | <Directory /usr/share/phpmyadmin/setup/lib> | ||
39 | Order Deny,Allow | ||
40 | Deny from All | ||
41 | </Directory> | ||
42 | |||