The branch, master has been updated
via 8adddca21f5fc04e8bfe37f513b87608abd7a0a7 (commit)
via e2349585451ae8641f4f20ddc9c5bd1bc7ecee98 (commit)
via ca597dc423f3eebcca95ff33b088a03e39109115 (commit)
from afd311a74c1a9a0cf0c2cbf75666b82398379dfc (commit)
- Log -----------------------------------------------------------------
commit 8adddca21f5fc04e8bfe37f513b87608abd7a0a7
Merge: afd311a e234958
Author: Dieter Adriaenssens <ruleant(a)users.sourceforge.net>
Date: Tue Oct 4 19:16:10 2011 +0200
Merge branch 'QA_3_4'
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 2 +-
setup/frames/servers.inc.php | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 29e256c..8ced7db 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,7 +72,7 @@ phpMyAdmin - ChangeLog
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
-- [security] Fixed XSS in setup (verbose parameter)
+- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
3.4.5.0 (2011-09-14)
- bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/setup/frames/servers.inc.php b/setup/frames/servers.inc.php
index 081c416..8d04966 100644
--- a/setup/frames/servers.inc.php
+++ b/setup/frames/servers.inc.php
@@ -26,7 +26,7 @@ $server_exists = !empty($id) &&
$cf->get("Servers/$id") !== null;
if ($mode == 'edit' && $server_exists) {
$page_title = __('Edit server')
- . ' ' . $id . ' <small>(' . $cf->getServerDSN($id) .
')</small>';
+ . ' ' . $id . ' <small>(' .
htmlspecialchars($cf->getServerDSN($id)) . ')</small>';
} elseif ($mode == 'remove' && $server_exists) {
$cf->removeServer($id);
header('Location: index.php');
@@ -45,4 +45,4 @@ foreach ($forms['Servers'] as $form_name => $form) {
$form_display->registerForm($form_name, $form, $id);
}
process_formset($form_display);
-?>
\ No newline at end of file
+?>
hooks/post-receive
--
phpMyAdmin