The branch, master has been updated via ae44d8b1133298ec5f9fd0142492c15c41713ded (commit) via 035d002db1e1201e73e560d7d98591563b506a83 (commit) from 3c7b1efa57cc055062f43021cbef7557ebff4597 (commit)
- Log ----------------------------------------------------------------- commit ae44d8b1133298ec5f9fd0142492c15c41713ded Author: Marc Delisle <m...@infomarc.info> Date: Tue Feb 8 08:23:30 2011 -0500 ChangeLog for 3.3.9.1 commit 035d002db1e1201e73e560d7d98591563b506a83 Author: Herman van Rink <r...@initfour.nl> Date: Tue Feb 8 08:22:29 2011 -0500 PMASA-2011-1 fixes ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ changelog.php | 26 ++++++++++++++++++-------- license.php | 15 ++++++++++++--- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6089439..5eac03f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -144,6 +144,9 @@ - bug #3153409 [core] 0 row(s) affected - bug #3155842 [core] Edit relational page and page number +3.3.9.1 (2011-02-08) +- [security] Path disclosure, see PMASA-2011-1 + 3.3.9.0 (2011-01-03) - bug [doc] Fix references to MySQL doc - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand diff --git a/changelog.php b/changelog.php index 9ab2e39..ad45e62 100644 --- a/changelog.php +++ b/changelog.php 
@@ -7,20 +7,30 @@
 */
 /**
- * Load paths.
+ * Gets core libraries and defines some variables
 */
-require('./libraries/vendor_config.php');
+require_once './libraries/common.inc.php';
+
+$filename = CHANGELOG_FILE;
 /**
 * Read changelog.
 */
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
- ob_start();
- readgzfile(CHANGELOG_FILE);
- $changelog = ob_get_contents();
- ob_end_clean();
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+
+ // Test if the if is in a compressed format
+ if (substr($filename, -3) == '.gz') {
+ ob_start();
+ readgzfile($filename);
+ $changelog = ob_get_contents();
+ ob_end_clean();
+ } else {
+ $changelog = file_get_contents($filename);
+ }
 } else {
- $changelog = file_get_contents(CHANGELOG_FILE);
+ printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), $filename);
+ exit;
 }
 /**
diff --git a/license.php b/license.php
index b4b394f..851b52c 100644
--- a/license.php
+++ b/license.php
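Review bot: The new `else` branch in changelog.php still prints `$filename` to the client, so if `CHANGELOG_FILE` is defined as an absolute path (its definition is outside this hunk, and the added comment notes that distributions relocate or remove these files), the message itself discloses a server path, which is the class of leak this commit is closing. Passing `basename($filename)` as the `printf` argument instead of `$filename` keeps the message useful without exposing the directory; the same applies to the `printf` added in license.php. Separately, `is_readable()` does not guarantee that `readgzfile()` or `file_get_contents()` succeeds, so a failed read can still raise a warning carrying the path when error display is enabled; checking the return value (`=== false`) would cover that case. The comment `// Test if the if is in a compressed format` should read `// Test if the file is in a compressed format`.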
@@ -10,13 +10,22 @@
 */
 /**
- * Load paths.
+ * Gets core libraries and defines some variables
 */
-require('./libraries/vendor_config.php');
+require_once './libraries/common.inc.php';
 /**
 *
 */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), $filename);
+}
+
 ?>
hooks/post-receive -- phpMyAdmin ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Phpmyadmin-git mailing list Phpmyadmin-git@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git
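Review bot: The fallback message in the `else` branch of license.php is sent under the `Content-type: text/plain; charset=iso-8859-1` header emitted just above it, but the text comes from `__()`, so a translated string in another encoding (presumably UTF-8; not visible in this hunk) would reach the browser garbled. Consider moving the `header()` call into the `is_readable()` branch, or sending a header that matches the translation charset before the `printf`. Unlike the changelog.php branch, this one has no `exit;`, which is harmless only while nothing is added between the `else` block and `?>`.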