The branch, master has been updated
       via  c25b7c896658bba418cc185ba2ff58a4c3bd0bc1 (commit)
       via  bc5aa87ae9957a2c4740009c713bcbd54a31b93c (commit)
       via  1af420e22367ae72ff4091adb1620e59ddad5ba6 (commit)
      from  73913f135e51cbc3eba559ffd8af70a2938f0ac3 (commit)


- Log -----------------------------------------------------------------
commit c25b7c896658bba418cc185ba2ff58a4c3bd0bc1
Merge: 73913f1 bc5aa87
Author: Marc Delisle <[email protected]>
Date:   Tue Oct 4 06:20:48 2011 -0400

    Merge branch 'QA_3_4'

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                             |    1 +
 libraries/config/ConfigFile.class.php |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 270b514..29e256c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,6 +72,7 @@ phpMyAdmin - ChangeLog
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
 - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
+- [security] Fixed XSS in setup (verbose parameter)
 
 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/libraries/config/ConfigFile.class.php 
b/libraries/config/ConfigFile.class.php
index 87c10b3..c1b01ec 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -414,7 +414,7 @@ class ConfigFile
         }
         $verbose = $this->get("Servers/$id/verbose");
         if (!empty($verbose)) {
-            return $verbose;
+            return htmlspecialchars($verbose);
         }
         $host = $this->get("Servers/$id/host");
         return empty($host) ? 'localhost' : $host;
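Review bot: The fallback on the last line of the hunk still returns `$host` unescaped, so a server entry with no verbose name but a host value containing markup would presumably reach the same setup output that this commit protects. If the host value is equally user-controlled (it is read with the same `$this->get("Servers/$id/...")` call), the fallback should be `return empty($host) ? 'localhost' : htmlspecialchars($host);`. The new call also relies on the default flags, which on the PHP versions of this era leave single quotes alone. Passing `ENT_QUOTES` would cover a single-quoted attribute context. Because the method now returns HTML-escaped text, its docblock should say so to prevent callers from escaping it a second time. The method's signature and docblock lie outside the hunk, so this could not be checked here.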


hooks/post-receive
-- 
phpMyAdmin
