The branch, QA_2_11 has been updated via d620aaf102e9a9f850cc3a5cd77ff6de40dda782 (commit) via f0e8849034132e2114f1d77d9d37185bc5b49886 (commit) from 373a6626ade37c0fee1dfc7c757ca55c7652874b (commit)
- Log ----------------------------------------------------------------- commit d620aaf102e9a9f850cc3a5cd77ff6de40dda782 Author: Marc Delisle marc@infomarc.info Date: Tue Feb 8 08:13:01 2011 -0500
ChangeLog for 2.11.11.2
commit f0e8849034132e2114f1d77d9d37185bc5b49886 Author: Herman van Rink rink@initfour.nl Date: Tue Feb 8 08:11:37 2011 -0500
PMASA-2011-1 fixes
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 3 +++ changelog.php | 10 +++++++++- license.php | 11 ++++++++++- readme.php | 10 +++++++++- 4 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b0663e1..e3244d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
2.11.12.0 (not yet released)
+2.11.11.2 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
 2.11.11.1 (2010-11-29)
 - bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8
diff --git a/changelog.php b/changelog.php
index 2b0dc3a..1b4807a 100644
--- a/changelog.php
+++ b/changelog.php
@@ -6,7 +6,15 @@
 * @version $Id$
 */
-$changelog = htmlspecialchars(file_get_contents('ChangeLog'));
+$filename = 'ChangeLog';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ $changelog = htmlspecialchars(file_get_contents($filename));
+} else {
+ echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+ exit;
+}
$replaces = array(
 '@(http://%5B./a-zA-Z0-9.-%5D*%5B/a-zA-Z0-9%5D)@'
diff --git a/license.php b/license.php
index 91927f4..c8c2957 100644
--- a/license.php
+++ b/license.php
@@ -13,5 +13,14 @@
 *
 */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile('LICENSE');
+
+$filename = 'LICENSE';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
+
 ?>
diff --git a/readme.php b/readme.php
index 34fecce..7f59a4e 100644
--- a/readme.php
+++ b/readme.php
@@ -13,5 +13,13 @@
 *
 */
 header('Content-type: text/plain; charset=utf-8');
-readfile('README');
+
+$filename = 'README';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
 ?>
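Review bot: In changelog.php the `is_readable($filename)` guard still leaves a way for the read to fail and raise the kind of warning this fix is presumably meant to suppress. The guard is true for a readable directory, and the file can disappear between the check and `file_get_contents($filename)`, whose `false` result then goes straight into `htmlspecialchars()`. I would tighten the condition to `if (is_file($filename) && is_readable($filename)) {` and test the read result with `=== false` before escaping it, falling through to the same not-available message. The license.php and readme.php hunks have the same check-then-read pattern with `readfile()`. Whether a warning actually reaches the client depends on the error-display configuration, which is not visible here, and the script continues past the end of the hunk.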
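Review bot: In license.php the else branch answers a missing file with the default 200 status and, unlike the changelog.php branch, has no `exit;`, so it relies on nothing but `?>` following it. Sending `header('HTTP/1.0 404 Not Found');` before the `echo` would let clients and monitoring tell the fallback notice from the real licence text, and adding `exit;` would keep the three scripts consistent. The else branch in readme.php is the same. A comment above the check such as `// Avoid the PHP warning on a missing file, see PMASA-2011-1` would record why the guard exists, assuming the advisory's path disclosure came from that warning.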
hooks/post-receive