The branch, MAINT_3_4_6 has been updated
via 1af420e22367ae72ff4091adb1620e59ddad5ba6 (commit)
from e05b37d3c9e5b99e8a779fe55780d92df17b4a55 (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
libraries/config/ConfigFile.class.php | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b8c33cb..020aef3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
+- [security] Fixed XSS in setup (verbose parameter)
3.4.5.0 (2011-09-14)
- bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/libraries/config/ConfigFile.class.php
b/libraries/config/ConfigFile.class.php
index 20369f1..9e1690c 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -422,7 +422,7 @@ class ConfigFile
}
$verbose = $this->get("Servers/$id/verbose");
if (!empty($verbose)) {
- return $verbose;
+ return htmlspecialchars($verbose);
}
$host = $this->get("Servers/$id/host");
return empty($host) ? 'localhost' : $host;
@@ -508,4 +508,4 @@ class ConfigFile
return $c;
}
}
-?>
\ No newline at end of file
+?>
hooks/post-receive
--
phpMyAdmin