[Phpmyadmin-git] [SCM] phpMyAdmin branch, MAINT_3_4_6, updated. RELEASE_3_4_5-39-g1af420e

The branch, MAINT_3_4_6 has been updated via 1af420e22367ae72ff4091adb1620e59ddad5ba6 (commit) from e05b37d3c9e5b99e8a779fe55780d92df17b4a55 (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + libraries/config/ConfigFile.class.php | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b8c33cb..020aef3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog - patch #3314626 [display] CharTextareaRows is not respected - bug #3417089 [synchronize] Extraneous db choices - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15 +- [security] Fixed XSS in setup (verbose parameter) 3.4.5.0 (2011-09-14) - bug #3375325 [interface] Page list in navigation frame looks odd diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php index 20369f1..9e1690c 100644 --- a/libraries/config/ConfigFile.class.php +++ b/libraries/config/ConfigFile.class.php @@ -422,7 +422,7 @@ class ConfigFile } $verbose = $this->get("Servers/$id/verbose"); if (!empty($verbose)) { - return $verbose; + return htmlspecialchars($verbose); } $host = $this->get("Servers/$id/host"); return empty($host) ? 'localhost' : $host; @@ -508,4 +508,4 @@ class ConfigFile return $c; } } -?> \ No newline at end of file +?> hooks/post-receive -- phpMyAdmin