phpPgAdmin History
------------------
+Version 3.5.4
+-------------
+
+Bugs
+* Fix security hole in include() of language file:
+ http://secunia.com/advisories/15941/
+ Check now requires that the language filename be in the list
+ of known allowed filenames.
+* Fix that functions returning cstring were not being listed
+* Make parsing of PostgreSQL 1-dimensional arrays correct. Makes
+ named function parameter use more reliable.
+* Fix downloading of the results of multiline queries.
+
Version 3.5.3
-------------
* Does an export to the screen or as a download. This checks to
* see if they have pg_dump set up, and will use it if possible.
*
- * $Id: dataexport.php,v 1.17.2.2 2005/03/04 02:32:44 chriskl Exp $
+ * $Id: dataexport.php,v 1.17.2.3 2005/07/15 08:09:20 chriskl Exp $
*/
$extensions = array(
if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE') && isset($_SERVER['HTTPS'])) {
header('Content-Type: text/plain');
}
- else {\r
+ else {
header('Content-Type: application/download');
if (isset($extensions[$format]))
header('Content-Type: text/plain');
}
- if (isset($_REQUEST['query'])) $_REQUEST['query'] = trim(unserialize($_REQUEST['query']));
+ if (isset($_REQUEST['query'])) $_REQUEST['query'] = trim(urldecode($_REQUEST['query']));
// Set up the dump transaction
$status = $data->beginDump();
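Review bot: The `urldecode()` on the `$_REQUEST['query']` line decodes a value PHP has already decoded once, so it is correct only when the request comes from the export form, whose hidden field is now written with `urlencode()` (the later hunk in this file). A request that carries the query encoded only once would have `+` and `%xx` sequences inside the SQL rewritten. If other pages link here with a `query` parameter they need the same extra encoding, which cannot be confirmed from this hunk. Dropping `unserialize()` on request data is the security-relevant part of this line and deserves a comment so it is not reintroduced, for example `// 'query' arrives urlencode()d from the export form; never unserialize() request data`. The enclosing code starts and ends outside the hunk.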
if (isset($_REQUEST['table'])) {
echo "<input type=\"hidden\" name=\"table\" value=\"", htmlspecialchars($_REQUEST['table']), "\" />\n";
}
- echo "<input type=\"hidden\" name=\"query\" value=\"", htmlspecialchars(serialize($_REQUEST['query'])), "\" />\n";
+ echo "<input type=\"hidden\" name=\"query\" value=\"", htmlspecialchars(urlencode($_REQUEST['query'])), "\" />\n";
echo $misc->form;
echo "<input type=\"submit\" value=\"{$lang['strexport']}\" /></p>\n";
echo "</form>\n";
/**
* Function library read in upon startup
*
- * $Id: lib.inc.php,v 1.88.2.4 2005/04/16 05:11:05 chriskl Exp $
+ * $Id: lib.inc.php,v 1.88.2.5 2005/07/15 08:09:20 chriskl Exp $
*/
// Set error reporting level to max
$appName = 'phpPgAdmin';
// Application version
- $appVersion = '3.5.3';
+ $appVersion = '3.5.4';
// PostgreSQL and PHP minimum version
$postgresqlMinVer = '7.0';
// If login action is set, then set session variables
if (isset($_POST['formServer']) && isset($_POST['formUsername']) &&
- isset($_POST['formPassword']) && isset($_POST['formLanguage'])) {
+ isset($_POST['formPassword']) && isset($_POST['formLanguage'])
+ && in_array($_POST['formLanguage'], array_keys($appLangFiles))) {
$_SESSION['webdbServerID'] = $_POST['formServer'];
$_SESSION['webdbUsername'] = $_POST['formUsername'];
$_SESSION['webdbPassword'] = $_POST['formPassword'];
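Review bot: The allow-list test is attached to the login condition rather than to the place where the language file is included, so it covers only the `formLanguage` POST path. If the language name can also reach the `include()` from the session, a cookie or another request parameter (not visible in this hunk), those values need the same check immediately before the include. A value that fails the check also skips the whole login block without any message, so a user with valid credentials gets no indication of why the login did not take effect. Assuming the keys of `$appLangFiles` are non-numeric language names, the comparison can be made strict with `in_array($_POST['formLanguage'], array_keys($appLangFiles), true)`. The `if` body continues past the end of the hunk.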