The branch, QA_3_4 has been updated
via 99eb0cde320b136264e2360b07b83c9fdef7e265 (commit)
from 60411dd4c6ebc898cedfbab14186e2c3037246db (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
libraries/auth/cookie.auth.lib.php | 1 +
libraries/header_scripts.inc.php | 10 +++++++---
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ae9e1d7..03877e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,7 @@
- bug #3276001 [core] Avoid caching of index.php.
- bug #3306958 [interface] Unnecessary Details slider
- bug #3308476 [interface] "Show all" not persistent after a sort
+- bug #3308072 [auth] Version disclosure to anonymous visitors
3.4.1.0 (2011-05-20)
- bug #3301108 [interface] Synchronize and already configured host
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index 84bfa80..c04d5a2 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -169,6 +169,7 @@ function PMA_auth()
/* HTML header; do not show here the PMA version to improve security */
$page_title = 'phpMyAdmin ';
require './libraries/header_meta_style.inc.php';
+ // if $page_title is set, this script uses it as the title:
require './libraries/header_scripts.inc.php';
?>
<script type="text/javascript">
diff --git a/libraries/header_scripts.inc.php b/libraries/header_scripts.inc.php
index 6bd87f6..c25aa99 100644
--- a/libraries/header_scripts.inc.php
+++ b/libraries/header_scripts.inc.php
@@ -18,13 +18,17 @@ require_once './libraries/common.inc.php';
if ( false === $GLOBALS['cfg']['AllowThirdPartyFraming']) {
echo PMA_includeJS('cross_framing_protection.js');
}
-// generate title
-$title = PMA_expandUserString(
+// generate title (unless we already have $page_title, from cookie auth)
+if (! isset($page_title)) {
+ $title = PMA_expandUserString(
!empty($GLOBALS['table']) ?
$GLOBALS['cfg']['TitleTable'] :
(!empty($GLOBALS['db']) ?
$GLOBALS['cfg']['TitleDatabase'] :
(!empty($GLOBALS['cfg']['Server']['host']) ?
$GLOBALS['cfg']['TitleServer'] :
$GLOBALS['cfg']['TitleDefault']))
- );
+ );
+} else {
+ $title = $page_title;
+}
// here, the function does not exist with this configuration:
$cfg['ServerDefault'] = 0;
$is_superuser = function_exists('PMA_isSuperuser') &&
PMA_isSuperuser();
hooks/post-receive
--
phpMyAdmin