-rw-r--r-- | community/phpmyadmin/APKBUILD | 16 | ||||
-rw-r--r-- | community/phpmyadmin/CVE-2018-10188.patch | 111 |
2 files changed, 7 insertions, 120 deletions
diff --git a/community/phpmyadmin/APKBUILD b/community/phpmyadmin/APKBUILD
index f5576b1ecb..a3f7fde426 100644
--- a/community/phpmyadmin/APKBUILD
+++ b/community/phpmyadmin/APKBUILD
@@ -1,15 +1,15 @@
 # Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Contributor: Matt Smith <mcs@darkregion.net>
-# Maintainer: Matt Smith <mcs@darkregion.net>
-_php=php5
+# Maintainer: Andy Postnikov <apostnikov@gmail.com>
+_php=php7
 pkgname=phpmyadmin
-pkgver=4.8.0
-pkgrel=2
+pkgver=4.8.1
+pkgrel=0
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="https://www.phpmyadmin.net/"
 arch="noarch"
 license="GPL-2.0 MIT BSD"
-depends="${_php} ${_php}-mysqli ${_php}-zip ${_php}-zlib ${_php}-bz2
+depends="${_php} ${_php}-mysqli ${_php}-zip ${_php}-bz2
 ${_php}-ctype ${_php}-gd ${_php}-mcrypt ${_php}-json"
 depends_dev=
 makedepends="$depends_dev"
@@ -18,7 +18,6 @@ subpackages="$pkgname-doc"
 _fullpkgname=phpMyAdmin-$pkgver-all-languages
 source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz
 $pkgname.apache2.conf
- CVE-2018-10188.patch
 "
 options="!check" # tests require running MySQL
@@ -103,6 +102,5 @@ doc() {
 done
 }
-sha512sums="50d69ebc1e0a814d1a348a59e6cb42931dbd1d8a9b16e542293b8e30e2ed0ec45ccd993c4388733ce3b099536db39accbc86941554710a4b4b4de8368f9dac02 phpMyAdmin-4.8.0-all-languages.tar.xz
-c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf
-04abc7767b4fd435f405110fea9ba072ccee1e16e77a82671b2c6a23636286d29f188a0abc29b6ff39918d9ea9cd3be79464d1b49be2f18f7a487d33f9713e8e CVE-2018-10188.patch"
+sha512sums="93f04c76b8a0a73ff61dbe3edb9df8b1536eb18f5b5944c2f5eb0e8f5eddb183497c4c2e4a3d290f70422a49027c1de220630bdce731a6b7315b1d3295641d0c phpMyAdmin-4.8.1-all-languages.tar.xz
+c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf"
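Review bot: The `depends` continuation line in the first hunk still lists `${_php}-mcrypt` even though `_php` now resolves to php7. The mcrypt extension was deprecated in PHP 7.1 and removed from the PHP 7.2 core, so this pulls an unmaintained crypto extension into every install and may fail to resolve where php7 no longer ships it. If upstream's requirements for 4.8.1 no longer call for mcrypt (worth confirming in the release documentation), change the line to `${_php}-ctype ${_php}-gd ${_php}-json"`. It would also be worth checking whether `${_php}-openssl` should be added for cookie-auth encryption.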
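Review bot: Removing `CVE-2018-10188.patch` from `source` in the second hunk drops the only reference to that CVE visible in these hunks, so the APKBUILD would no longer record that the CSRF fix ships in this package. If the lines outside the hunks have no `# secfixes:` block, add one naming CVE-2018-10188 under the release that first carried the fix, e.g. `#   <pkgver-rN that first shipped the patch>:` followed by `#     - CVE-2018-10188`. Before relying on the bump alone, confirm against the upstream 4.8.1 release notes that the fix is included in the tarball.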
diff --git a/community/phpmyadmin/CVE-2018-10188.patch b/community/phpmyadmin/CVE-2018-10188.patch
deleted file mode 100644
index e607e19d84..0000000000
--- a/community/phpmyadmin/CVE-2018-10188.patch
+++ /dev/null
@@ -1,111 +0,0 @@ -From c6dd6b56e236a3aff953cee4135ecaa67130e641 Mon Sep 17 00:00:00 2001 -From: Madhura Jayaratne <madhura.cj@gmail.com> -Date: Wed, 18 Apr 2018 00:07:48 +1000 -Subject: [PATCH] Fix phpmyadmin-security#240 Multiple CSRF vulnerabilities - -Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com> ---- - js/db_operations.js | 7 +++---- - js/tbl_operations.js | 6 ++++-- - libraries/classes/Operations.php | 9 +++++---- - sql.php | 4 ++-- - 5 files changed, 16 insertions(+), 13 deletions(-) - -diff --git a/js/db_operations.js b/js/db_operations.js -index 5a8e95d5799..b65733d896f 100644 ---- a/js/db_operations.js -+++ b/js/db_operations.js -@@ -134,6 +134,7 @@ AJAX.registerOnload('db_operations.js', function () { - */ - $(document).on('click', '#drop_db_anchor.ajax', function (event) { - event.preventDefault(); -+ var $link = $(this); - /** - * @var question String containing the question to be asked for confirmation - */ -@@ -142,10 +143,8 @@ AJAX.registerOnload('db_operations.js', function () { - PMA_messages.strDoYouReally, - 'DROP DATABASE `' + escapeHtml(PMA_commonParams.get('db') + '`') - ); -- var params = { -- 'is_js_confirmed': '1', -- 'ajax_request': true -- }; -+ var params = getJSConfirmCommonParam(this, $link.getPostData()); -+ - $(this).PMA_confirm(question, $(this).attr('href'), function (url) { - PMA_ajaxShowMessage(PMA_messages.strProcessingRequest); - $.post(url, params, function (data) { -diff --git a/js/tbl_operations.js b/js/tbl_operations.js -index 2763e0263c2..59b8c534e7c 100644 ---- a/js/tbl_operations.js -+++ b/js/tbl_operations.js -@@ -218,6 +218,7 @@ AJAX.registerOnload('tbl_operations.js', function () { - - $(document).on('click', '#drop_tbl_anchor.ajax', function (event) { - event.preventDefault(); -+ var $link = $(this); - /** - * @var question String containing the question to be asked for confirmation - */ -@@ -230,7 +231,7 @@ AJAX.registerOnload('tbl_operations.js', function () { - $(this).PMA_confirm(question, 
$(this).attr('href'), function (url) { - var $msgbox = PMA_ajaxShowMessage(PMA_messages.strProcessingRequest); - -- var params = getJSConfirmCommonParam(this); -+ var params = getJSConfirmCommonParam(this, $link.getPostData()); - - $.post(url, params, function (data) { - if (typeof data !== 'undefined' && data.success === true) { -@@ -289,6 +290,7 @@ AJAX.registerOnload('tbl_operations.js', function () { - - $(document).on('click', '#truncate_tbl_anchor.ajax', function (event) { - event.preventDefault(); -+ var $link = $(this); - /** - * @var question String containing the question to be asked for confirmation - */ -@@ -300,7 +302,7 @@ AJAX.registerOnload('tbl_operations.js', function () { - $(this).PMA_confirm(question, $(this).attr('href'), function (url) { - PMA_ajaxShowMessage(PMA_messages.strProcessingRequest); - -- var params = getJSConfirmCommonParam(this); -+ var params = getJSConfirmCommonParam(this, $link.getPostData()); - - $.post(url, params, function (data) { - if ($('.sqlqueryresults').length !== 0) { -diff --git a/libraries/classes/Operations.php b/libraries/classes/Operations.php -index e62038a5727..d7277edb8bc 100644 ---- a/libraries/classes/Operations.php -+++ b/libraries/classes/Operations.php -@@ -1559,10 +1559,11 @@ public function getHtmlForDeleteDataOrTable( - */ - public function getDeleteDataOrTablelink(array $url_params, $syntax, $link, $htmlId) - { -- return '<li><a ' -- . 'href="sql.php' . Url::getCommon($url_params) . '"' -- . ' id="' . $htmlId . '" class="ajax">' -- . $link . '</a>' -+ return '<li>' . Util::linkOrButton( -+ 'sql.php' . Url::getCommon($url_params), -+ $link, -+ array('id' => $htmlId, 'class' => 'ajax') -+ ) - . Util::showMySQLDocu($syntax) - . 
'</li>'; - } -diff --git a/sql.php b/sql.php -index 13eb168e03f..056497fd3bc 100644 ---- a/sql.php -+++ b/sql.php -@@ -69,8 +69,8 @@ - // Coming from a bookmark dialog - if (isset($_POST['bkm_fields']['bkm_sql_query'])) { - $sql_query = $_POST['bkm_fields']['bkm_sql_query']; --} elseif (isset($_GET['sql_query'])) { -- $sql_query = $_GET['sql_query']; -+} elseif (isset($_POST['sql_query'])) { -+ $sql_query = $_POST['sql_query']; - } - - // This one is just to fill $db |