diffstat for phpliteadmin-1.9.8.2 phpliteadmin-1.9.8.2 changelog | 8 ++++++++ control | 3 ++- patches/Fix-newRows-XSS.patch | 18 ++++++++++++++++++ patches/series | 1 + 4 files changed, 29 insertions(+), 1 deletion(-)
diff -Nru phpliteadmin-1.9.8.2/debian/changelog phpliteadmin-1.9.8.2/debian/changelog
--- phpliteadmin-1.9.8.2/debian/changelog 2019-09-18 18:20:28.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/changelog 2022-03-13 16:25:03.000000000 +0300
@@ -1,3 +1,11 @@
+phpliteadmin (1.9.8.2-1ubuntu0.20.04.1) focal-security; urgency=medium
+
+ * SECURITY UPDATE: cross-site scripting (LP: #1964710)
+ - debian/patches/Fix-newRows-XSS.patch:
+ Forcibly cast input value to integer. Original fix.
+
+ -- Nicholas Guriev Sun, 13 Mar 2022 16:25:03 +0300
+
 phpliteadmin (1.9.8.2-1) unstable; urgency=medium
 
 * New upstream release.
diff -Nru phpliteadmin-1.9.8.2/debian/control phpliteadmin-1.9.8.2/debian/control
--- phpliteadmin-1.9.8.2/debian/control 2019-09-18 18:20:28.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/control 2022-03-13 16:25:03.000000000 +0300
@@ -1,7 +1,8 @@
 Source: phpliteadmin
 Section: web
 Priority: optional
-Maintainer: Nicholas Guriev
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Nicholas Guriev
 Build-Depends: debhelper-compat (= 12), dh-apache2
 Build-Depends-Indep: php-cli
 Standards-Version: 4.4.0
diff -Nru phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch
--- phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch 1970-01-01 03:00:00.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch 2022-03-13 16:22:40.000000000 +0300
@@ -0,0 +1,18 @@
+Description: Fix an XSS vulnerability with the newRows GET parameter
+ Forcibly cast value to integer.
+Bug: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability
+Forwarded: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows
+Author: Nicholas Guriev
+Last-Update: Thu, 10 Mar 2022 21:21:36 +0300
+
+--- a/index.php
++++ b/index.php
+@@ -2613,7 +2613,7 @@ if(isset($_GET['action']) && !isset($_GE
+ echo $params->getForm(array('action'=>'row_create','confirm'=>'1'), 'post', true);
+ $tableInfo = $db->getTableInfo($target_table);
+ if(isset($_GET['newRows']))
+- $num = $_GET['newRows'];
++ $num = (int)$_GET['newRows'];
+ else
+ $num = 1;
+ echo "";
diff -Nru phpliteadmin-1.9.8.2/debian/patches/series phpliteadmin-1.9.8.2/debian/patches/series
--- phpliteadmin-1.9.8.2/debian/patches/series 2019-09-18 18:20:28.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/patches/series 2022-03-13 16:22:40.000000000 +0300
@@ -1,2 +1,3 @@
 Remove-spontaneous-access-to-Internet.patch
 Remove-using-build-date.patch
+Fix-newRows-XSS.patch
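Review bot: The new `$num = (int)$_GET['newRows'];` line in the nested index.php hunk stops the raw string from reaching the output, but it only casts and does not bound the value: a non-numeric or negative query string yields 0 or a negative count, and an arbitrarily large integer is passed on unchanged to whatever renders the row form after the hunk. If the code below iterates `$num` times (it is outside the hunk, so this is inferred), a single request can ask for a very large number of form rows; clamping at the same point would be cheap, e.g. `$num = max(1, min((int)$_GET['newRows'], NEW_ROWS_CAP));` where `NEW_ROWS_CAP` is a placeholder for a limit the project chooses. Alternatively `filter_input(INPUT_GET, 'newRows', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])` rejects non-integer input outright and falls back to the existing `$num = 1` default when it returns false/null. The enclosing `if(isset($_GET['action']) ...)` block starts and ends outside the hunk.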