Description: CVE-2016-4855: XSS vulnerability in old test script
 This issue was reported by JPCERT Coordination Center (JPCERT/CC) with
 reference JVN#48237713.
 .
 The root cause is a foreach loop processing all GET parameters and
 blindly assigning them to variables, allowing an attacker to
 replace contents of global variables.
 .
 This limits variable processing using a regex matching those used in
 testdatabases.inc.php (i.e. beginning with 'test' or 'no').
 .
 Debian is not directly affected by this, since test.php is only
 shipped in /usr/share/doc/libphp-adodb/examples/.
Author: Damien Regad <dregad@mantisbt.org>
Origin: upstream, https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
Bug: https://github.com/ADOdb/ADOdb/issues/274
Bug-Debian: https://bugs.debian.org/837418
Reviewed-By: Jean-Michel Vourgère <nirgal@debian.org>
Last-Update: 2016-10-11

--- libphp-adodb-5.12.orig/tests/test.php
+++ libphp-adodb-5.12/tests/test.php
@@ -1714,8 +1714,11 @@ if (sizeof($_GET) == 0) $testmysql = tru
 
 
 foreach($_GET as $k=>$v)  {
-	//global $$k;
-	$$k = $v;
+	// XSS protection (see Github issue #274) - only set variables for
+	// expected get parameters used in testdatabases.inc.php
+	if(preg_match('/^(test|no)\w+$/', $k)) {
+		$$k = $v;
+	}
 }	
 
 ?>
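Review bot: the `preg_match('/^(test|no)\w+$/', $k)` guard narrows the variable-variable assignment but does not eliminate it; any request parameter whose name starts with `test` or `no` (`\w+` accepts letters, digits and underscores) can still overwrite a same-named variable in this script's scope, and the header itself only says the pattern "matches those used in testdatabases.inc.php" rather than listing them. An explicit allow-list of the expected parameter names (e.g. `in_array($k, $allowed, true)` before `$$k = $v;`) would be safer and self-documenting. Note also that `$v` is still assigned unmodified, so wherever these values are later emitted as HTML they still need escaping; this hunk only restricts which variables can be set, not what they contain.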
