The branch, MAINT_3_4_6 has been updated
       via  e05b37d3c9e5b99e8a779fe55780d92df17b4a55 (commit)
      from  46a1afb372782533d8b04d72ae4b9b13a1248c0a (commit)


- Log -----------------------------------------------------------------
commit e05b37d3c9e5b99e8a779fe55780d92df17b4a55
Author: Dieter Adriaenssens <[email protected]>
Date:   Mon Oct 3 20:38:36 2011 +0200

    Fixed local path disclosure vulnerability, see PMASA-2011-15

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |    1 +
 phpmyadmin.css.php |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 239796f..b8c33cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
 - bug #3414744 [core] External link fails in 3.4.5
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
+- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
 
 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
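Review bot: The added ChangeLog line names only the advisory, PMASA-2011-15, and not what was touched. The neighbouring entries carry a component tag such as [core] or [display], while this one gives no hint that the fix is in phpmyadmin.css.php. Consider naming the file or the js_frame parameter in the entry so the line is useful without looking up the advisory.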
diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php
index 2275c97..b3cfecc 100644
--- a/phpmyadmin.css.php
+++ b/phpmyadmin.css.php
@@ -9,7 +9,7 @@
  *
  */
 // sometimes, we lose $_REQUEST['js_frame']
-define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' : 
$_REQUEST['js_frame']);
+define('PMA_FRAME', (! empty($_REQUEST['js_frame']) && 
is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] : 'right');
 
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';
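Review bot: In the new define('PMA_FRAME', ...) line, is_string() rejects array input such as js_frame[]=x, but any string from the request still becomes the constant unchanged. If PMA_FRAME is only meant to hold a small set of frame names, compare the value against that list and fall back to 'right' for everything else. The comment above the line still says only "sometimes, we lose $_REQUEST['js_frame']". It should also record why the type check is there: define() raises a warning when given a non-scalar value, and with display_errors on that warning prints the script's full path. Without that note the check may later be removed as redundant. It is also worth checking whether other entry scripts build PMA_FRAME from $_REQUEST['js_frame'] in the old form.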


hooks/post-receive
-- 
phpMyAdmin

_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git