The branch, QA_2_11 has been updated
via d620aaf102e9a9f850cc3a5cd77ff6de40dda782 (commit)
via f0e8849034132e2114f1d77d9d37185bc5b49886 (commit)
from 373a6626ade37c0fee1dfc7c757ca55c7652874b (commit)
- Log -----------------------------------------------------------------
commit d620aaf102e9a9f850cc3a5cd77ff6de40dda782
Author: Marc Delisle <marc(a)infomarc.info>
Date: Tue Feb 8 08:13:01 2011 -0500
ChangeLog for 2.11.11.2
commit f0e8849034132e2114f1d77d9d37185bc5b49886
Author: Herman van Rink <rink(a)initfour.nl>
Date: Tue Feb 8 08:11:37 2011 -0500
PMASA-2011-1 fixes
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 3 +++
changelog.php | 10 +++++++++-
license.php | 11 ++++++++++-
readme.php | 10 +++++++++-
4 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b0663e1..e3244d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@ $HeadURL:
https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
2.11.12.0 (not yet released)
+2.11.11.2 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
2.11.11.1 (2010-11-29)
- bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8
diff --git a/changelog.php b/changelog.php
index 2b0dc3a..1b4807a 100644
--- a/changelog.php
+++ b/changelog.php
@@ -6,7 +6,15 @@
* @version $Id$
*/
-$changelog = htmlspecialchars(file_get_contents('ChangeLog'));
+$filename = 'ChangeLog';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ $changelog = htmlspecialchars(file_get_contents($filename));
+} else {
+ echo "The $filename file is not available on this system, please visit
www.phpmyadmin.net for more information.";
+ exit;
+}
$replaces = array(
'@(http://[./a-zA-Z0-9.-]*[/a-zA-Z0-9])@'
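Review bot: The new `is_readable($filename)` guard in changelog.php does not cover a read that fails after the check passes, because the result of `file_get_contents($filename)` goes straight into `htmlspecialchars()` without being tested. If the path disclosure behind PMASA-2011-1 came from PHP's own warning text (inferred from the ChangeLog entry, not visible here), a failed read could presumably still print it where display_errors is on. Testing the return value closes that gap: `$changelog = file_get_contents($filename);` followed by `if ($changelog === false) { /* same message and exit */ }`. The script continues past the end of this hunk, so how `$changelog` is used afterwards is not visible.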
diff --git a/license.php b/license.php
index 91927f4..c8c2957 100644
--- a/license.php
+++ b/license.php
@@ -13,5 +13,14 @@
*
*/
header('Content-type: text/plain; charset=iso-8859-1');
-readfile('LICENSE');
+
+$filename = 'LICENSE';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ echo "The $filename file is not available on this system, please visit
www.phpmyadmin.net for more information.";
+}
+
?>
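Review bot: The else branch in license.php answers a missing LICENSE with the fallback text under a normal 200 status, so clients and monitoring cannot tell it apart from the real file; the readme.php hunk has the same branch. Sending a status line before the `echo` would make the condition explicit: `header('HTTP/1.0 404 Not Found');`. The three scripts in this commit now carry the same check-and-message block. A one-line comment naming PMASA-2011-1 next to `is_readable()` would tell a later maintainer that the guard is a security fix and not only a convenience for distributions that strip the file.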
diff --git a/readme.php b/readme.php
index 34fecce..7f59a4e 100644
--- a/readme.php
+++ b/readme.php
@@ -13,5 +13,13 @@
*
*/
header('Content-type: text/plain; charset=utf-8');
-readfile('README');
+
+$filename = 'README';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ echo "The $filename file is not available on this system, please visit
www.phpmyadmin.net for more information.";
+}
?>
hooks/post-receive
--
phpMyAdmin