author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-06-11 13:04:53 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-06-11 13:05:09 +0000 |
commit | 49bcffeaf0b6f692fb6bc4374d3f0e6bf70c9de1 (patch) | |
tree | d9c532eb9f3cbafd2686db3e858ad6bad9c60ab3 /community/phpmyadmin | |
parent | 0e6a7a8f8c8d0d3eb1d715818e76bf4d0664e638 (diff) | |
download | aports-49bcffeaf0b6f692fb6bc4374d3f0e6bf70c9de1.tar.bz2 aports-49bcffeaf0b6f692fb6bc4374d3f0e6bf70c9de1.tar.xz |
community/phpmyadmin: add missing patch
Diffstat (limited to 'community/phpmyadmin')
-rw-r--r-- | community/phpmyadmin/APKBUILD | 2 | ||||
-rw-r--r-- | community/phpmyadmin/CVE-2018-10188.patch | 111 |
2 files changed, 112 insertions, 1 deletions
diff --git a/community/phpmyadmin/APKBUILD b/community/phpmyadmin/APKBUILD
index 829169dcaf..f5576b1ecb 100644
--- a/community/phpmyadmin/APKBUILD
+++ b/community/phpmyadmin/APKBUILD
@@ -4,7 +4,7 @@ _php=php5
 pkgname=phpmyadmin
 pkgver=4.8.0
-pkgrel=1
+pkgrel=2
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="https://www.phpmyadmin.net/"
 arch="noarch"
diff --git a/community/phpmyadmin/CVE-2018-10188.patch b/community/phpmyadmin/CVE-2018-10188.patch
new file mode 100644
index 0000000000..e607e19d84
--- /dev/null
+++ b/community/phpmyadmin/CVE-2018-10188.patch
@@ -0,0 +1,111 @@
+From c6dd6b56e236a3aff953cee4135ecaa67130e641 Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj@gmail.com>
+Date: Wed, 18 Apr 2018 00:07:48 +1000
+Subject: [PATCH] Fix phpmyadmin-security#240 Multiple CSRF vulnerabilities
+
+Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
+---
+ js/db_operations.js | 7 +++----
+ js/tbl_operations.js | 6 ++++--
+ libraries/classes/Operations.php | 9 +++++----
+ sql.php | 4 ++--
+ 5 files changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/js/db_operations.js b/js/db_operations.js
+index 5a8e95d5799..b65733d896f 100644
+--- a/js/db_operations.js
++++ b/js/db_operations.js
+@@ -134,6 +134,7 @@ AJAX.registerOnload('db_operations.js', function () {
+ */
+ $(document).on('click', '#drop_db_anchor.ajax', function (event) {
+ event.preventDefault();
++ var $link = $(this);
+ /**
+ * @var question String containing the question to be asked for confirmation
+ */
+@@ -142,10 +143,8 @@ AJAX.registerOnload('db_operations.js', function () {
+ PMA_messages.strDoYouReally,
+ 'DROP DATABASE `' + escapeHtml(PMA_commonParams.get('db') + '`')
+ );
+- var params = {
+- 'is_js_confirmed': '1',
+- 'ajax_request': true
+- };
++ var params = getJSConfirmCommonParam(this, $link.getPostData());
++
+ $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
+ PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
+ $.post(url, params, function (data) {
+diff --git a/js/tbl_operations.js b/js/tbl_operations.js
+index 2763e0263c2..59b8c534e7c 100644
+--- a/js/tbl_operations.js
++++ b/js/tbl_operations.js
+@@ -218,6 +218,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
+
+ $(document).on('click', '#drop_tbl_anchor.ajax', function (event) {
+ event.preventDefault();
++ var $link = $(this);
+ /**
+ * @var question String containing the question to be asked for confirmation
+ */
+@@ -230,7 +231,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
+ $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
+ var $msgbox = PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
+
+- var params = getJSConfirmCommonParam(this);
++ var params = getJSConfirmCommonParam(this, $link.getPostData());
+
+ $.post(url, params, function (data) {
+ if (typeof data !== 'undefined' && data.success === true) {
+@@ -289,6 +290,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
+
+ $(document).on('click', '#truncate_tbl_anchor.ajax', function (event) {
+ event.preventDefault();
++ var $link = $(this);
+ /**
+ * @var question String containing the question to be asked for confirmation
+ */
+@@ -300,7 +302,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
+ $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
+ PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
+
+- var params = getJSConfirmCommonParam(this);
++ var params = getJSConfirmCommonParam(this, $link.getPostData());
+
+ $.post(url, params, function (data) {
+ if ($('.sqlqueryresults').length !== 0) {
+diff --git a/libraries/classes/Operations.php b/libraries/classes/Operations.php
+index e62038a5727..d7277edb8bc 100644
+--- a/libraries/classes/Operations.php
++++ b/libraries/classes/Operations.php
+@@ -1559,10 +1559,11 @@ public function getHtmlForDeleteDataOrTable(
+ */
+ public function getDeleteDataOrTablelink(array $url_params, $syntax, $link, $htmlId)
+ {
+- return '<li><a '
+- . 'href="sql.php' . Url::getCommon($url_params) . '"'
+- . ' id="' . $htmlId . '" class="ajax">'
+- . $link . '</a>'
++ return '<li>' . Util::linkOrButton(
++ 'sql.php' . Url::getCommon($url_params),
++ $link,
++ array('id' => $htmlId, 'class' => 'ajax')
++ )
+ . Util::showMySQLDocu($syntax)
+ . '</li>';
+ }
+diff --git a/sql.php b/sql.php
+index 13eb168e03f..056497fd3bc 100644
+--- a/sql.php
++++ b/sql.php
+@@ -69,8 +69,8 @@
+ // Coming from a bookmark dialog
+ if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
+ $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
+-} elseif (isset($_GET['sql_query'])) {
+- $sql_query = $_GET['sql_query'];
++} elseif (isset($_POST['sql_query'])) {
++ $sql_query = $_POST['sql_query'];
+ }
+
+ // This one is just to fill $db |
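Review bot: The APKBUILD hunk in this commit only bumps pkgrel, so the `source=` entry and the sha512sums line that make abuild apply and verify community/phpmyadmin/CVE-2018-10188.patch are not visible here; given the title "add missing patch" they presumably landed in parent 0e6a7a8f8c8d0d3eb1d715818e76bf4d0664e638, but the recorded checksum should be confirmed against the file added in this hunk, since a mismatch fails the build and a stale entry would leave the fix unapplied. The patch's own diffstat reports "5 files changed" while listing four, which suggests it was trimmed from upstream commit c6dd6b56e236a3aff953cee4135ecaa67130e641 rather than exported verbatim, so a fresh export will not reproduce this checksum. A one-line note next to the source entry, which lies outside this hunk, would record that provenance for the next rebase, e.g. `# CVE-2018-10188.patch: trimmed from upstream c6dd6b56e236a3aff953cee4135ecaa67130e641 (phpmyadmin-security#240)`.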