Sophie: phpmyadmin-4.7.8-5.mga6 src

phpmyadmin-4.7.8-5.mga6.src.rpm

Index: phpMyAdmin-4.7.8-all-languages/libraries/db_designer.lib.php
===================================================================
--- phpMyAdmin-4.7.8-all-languages/libraries/db_designer.lib.php
+++ phpMyAdmin-4.7.8-all-languages/libraries/db_designer.lib.php	2019-01-28 14:20:16.696532775 +0100
@@ -193,7 +193,7 @@
             . PMA\libraries\Util::backquote($cfgRelation['db']) . '.'
             . PMA\libraries\Util::backquote($cfgRelation['designer_settings'])
             . ' WHERE ' . PMA\libraries\Util::backquote('username') . ' = "'
-            . $GLOBALS['cfg']['Server']['user'] . '";';
+            . $GLOBALS['dbi']->escapeString($GLOBALS['cfg']['Server']['user']) . '";';
 
         $result = $GLOBALS['dbi']->fetchSingleRow($query);
 
Index: libraries/pmd_common.php
===================================================================
--- phpMyAdmin-4.7.8-all-languages/libraries/pmd_common.php
+++ phpMyAdmin-4.7.8-all-languages/libraries/pmd_common.php	2019-01-28 14:21:38.943766317 +0100
@@ -761,7 +761,7 @@
                 . PMA\libraries\Util::backquote($cfgDesigner['db'])
                 . "." . PMA\libraries\Util::backquote($cfgDesigner['table'])
                 . " (username, settings_data)"
-                . " VALUES('" . $cfgDesigner['user'] . "',"
+                . " VALUES('" . $GLOBALS['dbi']->escapeString($cfgDesigner['user']) . "',"
                 . " '" . json_encode($save_data) . "');";
 
             $success = PMA_queryAsControlUser($query);
Index: libraries/dbi/DBIMysql.php
===================================================================
--- phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysql.php
+++ phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysql.php	2019-01-28 14:17:02.556084376 +0100
@@ -52,6 +52,10 @@
     ) {
         global $cfg;
 
+        if (ini_get('mysql.allow_local_infile')) {
+            PMA_fatalError(__('Please disable mysql.allow_local_infile in your PHP configuration or install the mysqli extension.'));
+        }
+
         if (empty($client_flags)) {
             if ($cfg['PersistentConnections'] || $persistent) {
                 $link = @mysql_pconnect($server, $user, $password);
Index: phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysqli.php
===================================================================
--- phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysqli.php
+++ phpMyAdmin-4.7.8-all-languages/libraries/dbi/DBIMysqli.php	2019-01-28 14:18:42.415225312 +0100
@@ -79,11 +79,6 @@
 
         $link = mysqli_init();
 
-        if (defined('PMA_ENABLE_LDI')) {
-            mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, true);
-        } else {
-            mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, false);
-        }
 
         $client_flags = 0;
 
@@ -166,6 +161,12 @@
             return false;
         }
 
+        if (defined('PMA_ENABLE_LDI')) {
+            mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, true);
+        } else {
+            mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, false);
+        }
+        
         return $link;
     }