From df6fba56beafa875cc47a94a400d3e664654e346 Mon Sep 17 00:00:00 2001
From: chriskl <chriskl>
Date: Fri, 15 Jul 2005 08:09:20 +0000
Subject: [PATCH] Fix security hole and the data export bug.  Brand phpPgAdmin
 3.5.4 ready for release.

---
 HISTORY               | 13 +++++++++++++
 dataexport.php        |  8 ++++----
 libraries/lib.inc.php |  7 ++++---
 3 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/HISTORY b/HISTORY
index 749e172c..6282e1cd 100644
--- a/HISTORY
+++ b/HISTORY
@@ -1,6 +1,19 @@
 phpPgAdmin History
 ------------------
 
+Version 3.5.4
+-------------
+
+Bugs
+* Fix security hole in include() of language file:
+   http://secunia.com/advisories/15941/
+  Check now requires that the language filename be in the list
+  of known allowed filenames.
+* Fix that functions returning cstring were not being listed
+* Make parsing of PostgreSQL 1-dimensional arrays correct.  Makes
+  named function parameter use more reliable.
+* Fix downloading of the results of multiline queries.
+
 Version 3.5.3
 -------------
 
diff --git a/dataexport.php b/dataexport.php
index f6adacd6..8e4b520f 100644
--- a/dataexport.php
+++ b/dataexport.php
@@ -4,7 +4,7 @@
 	 * Does an export to the screen or as a download.  This checks to
 	 * see if they have pg_dump set up, and will use it if possible.
 	 *
-	 * $Id: dataexport.php,v 1.17.2.2 2005/03/04 02:32:44 chriskl Exp $
+	 * $Id: dataexport.php,v 1.17.2.3 2005/07/15 08:09:20 chriskl Exp $
 	 */
 
 	$extensions = array(
@@ -101,7 +101,7 @@
 			if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE') && isset($_SERVER['HTTPS'])) {
 				header('Content-Type: text/plain');
 			}
-			else {
+			else {
 				header('Content-Type: application/download');
 		
 				if (isset($extensions[$format]))
@@ -116,7 +116,7 @@
 			header('Content-Type: text/plain');
 		}
 	
-		if (isset($_REQUEST['query'])) $_REQUEST['query'] = trim(unserialize($_REQUEST['query']));
+		if (isset($_REQUEST['query'])) $_REQUEST['query'] = trim(urldecode($_REQUEST['query']));
 
 		// Set up the dump transaction
 		$status = $data->beginDump();
@@ -354,7 +354,7 @@
 		if (isset($_REQUEST['table'])) {
 			echo "<input type=\"hidden\" name=\"table\" value=\"", htmlspecialchars($_REQUEST['table']), "\" />\n";
 		}
-		echo "<input type=\"hidden\" name=\"query\" value=\"", htmlspecialchars(serialize($_REQUEST['query'])), "\" />\n";
+		echo "<input type=\"hidden\" name=\"query\" value=\"", htmlspecialchars(urlencode($_REQUEST['query'])), "\" />\n";
 		echo $misc->form;
 		echo "<input type=\"submit\" value=\"{$lang['strexport']}\" /></p>\n";
 		echo "</form>\n";
diff --git a/libraries/lib.inc.php b/libraries/lib.inc.php
index 2606b1c5..40ddabbb 100644
--- a/libraries/lib.inc.php
+++ b/libraries/lib.inc.php
@@ -3,7 +3,7 @@
 	/**
 	 * Function library read in upon startup
 	 *
-	 * $Id: lib.inc.php,v 1.88.2.4 2005/04/16 05:11:05 chriskl Exp $
+	 * $Id: lib.inc.php,v 1.88.2.5 2005/07/15 08:09:20 chriskl Exp $
 	 */
 	
 	// Set error reporting level to max
@@ -13,7 +13,7 @@
 	$appName = 'phpPgAdmin';
 
 	// Application version
-	$appVersion = '3.5.3';
+	$appVersion = '3.5.4';
 
 	// PostgreSQL and PHP minimum version
 	$postgresqlMinVer = '7.0';
@@ -97,7 +97,8 @@
 	
 	// If login action is set, then set session variables
 	if (isset($_POST['formServer']) && isset($_POST['formUsername']) && 
-		isset($_POST['formPassword']) && isset($_POST['formLanguage'])) {
+		isset($_POST['formPassword']) && isset($_POST['formLanguage'])
+			&& in_array($_POST['formLanguage'], array_keys($appLangFiles))) {
 		$_SESSION['webdbServerID'] = $_POST['formServer'];
 		$_SESSION['webdbUsername'] = $_POST['formUsername'];
 		$_SESSION['webdbPassword'] = $_POST['formPassword'];
-- 
2.39.5