From 4e168401ae632b02a78db7d06475cb2131ef7f44 Mon Sep 17 00:00:00 2001
From: azurit
Date: Wed, 10 Jun 2026 11:15:32 +0200
Subject: [PATCH 1/3] Update phpmyadmin-rule-exclusions-before.conf
---
 plugins/phpmyadmin-rule-exclusions-before.conf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/plugins/phpmyadmin-rule-exclusions-before.conf b/plugins/phpmyadmin-rule-exclusions-before.conf
index 100e6bb..f04b4cd 100644
--- a/plugins/phpmyadmin-rule-exclusions-before.conf
+++ b/plugins/phpmyadmin-rule-exclusions-before.conf
@@ -361,7 +361,9 @@ SecRule REQUEST_FILENAME "@endsWith /import.php" \
 ctl:ruleRemoveTargetById=932140;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932150;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932160;ARGS:sql_query,\
+ ctl:ruleRemoveTargetById=932230;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932235;ARGS:sql_query,\
+ ctl:ruleRemoveTargetById=932250;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932370;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932380;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=933100;ARGS:sql_query,\
@@ -839,7 +841,9 @@ SecRule ARGS:route "@streq /import" \
 ctl:ruleRemoveTargetById=932150;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932140;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932160;ARGS:sql_query,\
+ ctl:ruleRemoveTargetById=932230;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932235;ARGS:sql_query,\
+ ctl:ruleRemoveTargetById=932250;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932370;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=932380;ARGS:sql_query,\
 ctl:ruleRemoveTargetById=933100;ARGS:sql_query,\
From 6b578d1288f1b330a70e510f105d7a8c463c9383 Mon Sep 17 00:00:00 2001
From: azurit
Date: Wed, 10 Jun 2026 11:37:32 +0200
Subject: [PATCH 2/3] Comment out test case for data import in YAML
---
 .../regression/phpmyadmin-plugin/9513290.yaml | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/tests/regression/phpmyadmin-plugin/9513290.yaml b/tests/regression/phpmyadmin-plugin/9513290.yaml
index 188addd..5c8a2fe 100644
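Review bot: The two added `ctl:ruleRemoveTargetById` entries for 932230 and 932250 carry no rationale in the rule file, and the same pair is repeated in the second hunk (`ARGS:route "@streq /import"`), where the neighbouring entries are in a different order (932150 before 932140), so the two lists can drift apart unnoticed. Each entry switches off a CRS 932xxx command-injection check for `ARGS:sql_query` on every request the rule head matches, so the reason belongs next to the rule. A comment cannot sit inside the backslash-continued action list, so it would go above each `SecRule`, e.g. `# 932230, 932250: FP on SQL DDL in sql_query ("command time"), see tests 9513290-3 and 9513700-3`. Both rules begin and end outside the hunks, so whether they are chained to a tighter phpMyAdmin check than the path or route match cannot be confirmed from here.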
--- a/tests/regression/phpmyadmin-plugin/9513290.yaml
+++ b/tests/regression/phpmyadmin-plugin/9513290.yaml
@@ -47,3 +47,23 @@
 # output:
 # log:
 # no_expect_ids: [932180]
+# - test_id: 3
+# desc: FP related to data import (command time)
+# stages:
+# - input:
+# dest_addr: 127.0.0.1
+# headers:
+# Host: localhost
+# User-Agent: "OWASP CRS test agent"
+# Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+# Cookie: phpMyAdmin=1
+# port: 80
+# method: POST
+# version: HTTP/1.1
+# uri: /post/import.php
+# data: sql_query=CREATE%20TABLE%20t_event%20%28%0A%20%20id%20%20%20%20%20%20%20%20%20%20%20%20INT%20NOT%20NULL%20AUTO_INCREMENT%20PRIMARY%20KEY%2C%0A%20%20nl_castle_id%20%20INT%20NOT%20NULL%2C%0A%20%20nl_target_id%20%20INT%20NOT%20NULL%20DEFAULT%200%2C%0A%20%20uv_type%20%20%20%20%20%20%20VARCHAR%2832%29%20NOT%20NULL%2C%0A%20%20nl_amount%20%20%20%20%20INT%20NOT%20NULL%20DEFAULT%200%2C%0A%20%20uv_data%20%20%20%20%20%20%20TEXT%20NULL%2C%0A%20%20uv_result%20%20%20%20%20TEXT%20NULL%2C%0A%20%20ts_start%20%20%20%20%20%20TIMESTAMP%20NOT%20NULL%20DEFAULT%20current_timestamp%28%29%2C%0A%20%20ts_finish%20%20%20%20%20DATETIME%20NOT%20NULL%2C%0A%20%20nl_status%20%20%20%20%20VARCHAR%2816%29%20NOT%20NULL%20DEFAULT%20%27pending%27%2C%0A%20%20KEY%20ix_due%20%28nl_status%2C%20ts_finish%29%2C%0A%20%20KEY%20ix_castle%20%28nl_castle_id%29%0A%29%20ENGINE%3DInnoDB%20DEFAULT%20CHARSET%3Dutf8%20COLLATE%3Dutf8_slovak_ci%3B
+# output:
+# log:
+# no_expect_ids:
+# - 932230
+# - 932250
From b37681720bafffa572eaa4bfaaec419f785dee44 Mon Sep 17 00:00:00 2001
From: azurit
Date: Wed, 10 Jun 2026 11:38:40 +0200
Subject: [PATCH 3/3] Add test for FP related to data import command
---
 .../regression/phpmyadmin-plugin/9513700.yaml | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/tests/regression/phpmyadmin-plugin/9513700.yaml b/tests/regression/phpmyadmin-plugin/9513700.yaml
index 0aaf6e8..bcdc00a 100644
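Review bot: Test 3 is added entirely behind `#`, and the three context lines above it are commented out as well, so the `/post/import.php` request never runs and the 932230/932250 exclusions added under `@endsWith /import.php` have no active regression test. Only the `route=/import` variant in 9513700.yaml is exercised, which leaves one of the two widened exclusion lists free to regress silently. Either enable the case or state at the top of the block why it is disabled, for instance `# disabled: <reason>; re-enable once the import.php path can be tested`. The commit subject speaks of commenting out a test, while the hunk adds a new one that is already commented.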
--- a/tests/regression/phpmyadmin-plugin/9513700.yaml
+++ b/tests/regression/phpmyadmin-plugin/9513700.yaml
@@ -46,3 +46,23 @@ tests:
 output:
 log:
 no_expect_ids: [932180]
+ - test_id: 3
+ desc: FP related to data import (command time)
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Cookie: phpMyAdmin=1
+ port: 80
+ method: POST
+ version: HTTP/1.1
+ uri: /post/index.php?route=/import
+ data: sql_query=CREATE%20TABLE%20t_event%20%28%0A%20%20id%20%20%20%20%20%20%20%20%20%20%20%20INT%20NOT%20NULL%20AUTO_INCREMENT%20PRIMARY%20KEY%2C%0A%20%20nl_castle_id%20%20INT%20NOT%20NULL%2C%0A%20%20nl_target_id%20%20INT%20NOT%20NULL%20DEFAULT%200%2C%0A%20%20uv_type%20%20%20%20%20%20%20VARCHAR%2832%29%20NOT%20NULL%2C%0A%20%20nl_amount%20%20%20%20%20INT%20NOT%20NULL%20DEFAULT%200%2C%0A%20%20uv_data%20%20%20%20%20%20%20TEXT%20NULL%2C%0A%20%20uv_result%20%20%20%20%20TEXT%20NULL%2C%0A%20%20ts_start%20%20%20%20%20%20TIMESTAMP%20NOT%20NULL%20DEFAULT%20current_timestamp%28%29%2C%0A%20%20ts_finish%20%20%20%20%20DATETIME%20NOT%20NULL%2C%0A%20%20nl_status%20%20%20%20%20VARCHAR%2816%29%20NOT%20NULL%20DEFAULT%20%27pending%27%2C%0A%20%20KEY%20ix_due%20%28nl_status%2C%20ts_finish%29%2C%0A%20%20KEY%20ix_castle%20%28nl_castle_id%29%0A%29%20ENGINE%3DInnoDB%20DEFAULT%20CHARSET%3Dutf8%20COLLATE%3Dutf8_slovak_ci%3B
+ output:
+ log:
+ no_expect_ids:
+ - 932230
+ - 932250