The branch, QA_3_4 has been updated
via fbaa5cc1a1cd4fbbb8588cda958c803b186eb064 (commit)
from b939d1048ec3bebf066bcccafbcd3d2998db3521 (commit)
- Log -----------------------------------------------------------------
commit fbaa5cc1a1cd4fbbb8588cda958c803b186eb064
Author: Dieter Adriaenssens <ruleant(a)users.sourceforge.net>
Date: Mon Oct 3 20:38:36 2011 +0200
Fixed local path disclosure vulnerability, see PMASA-2011-15
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
phpmyadmin.css.php | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9f4daa4..f36cc67 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@ phpMyAdmin - ChangeLog
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
+- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
3.4.5.0 (2011-09-14)
- bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php
index 2275c97..b3cfecc 100644
--- a/phpmyadmin.css.php
+++ b/phpmyadmin.css.php
@@ -9,7 +9,7 @@
*
*/
// sometimes, we lose $_REQUEST['js_frame']
-define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' :
$_REQUEST['js_frame']);
+define('PMA_FRAME', (! empty($_REQUEST['js_frame']) &&
is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] :
'right');
define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';
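Review bot: The added `is_string()` guard on the `define('PMA_FRAME', …)` line rejects non-string input, but any string the client sends still becomes PMA_FRAME unchanged. If the constant is only ever compared against a fixed set of frame names (not visible in this hunk; `'right'` is the only one shown), an allowlist would be tighter, for example `in_array($_REQUEST['js_frame'], $allowed_frames, true) ? $_REQUEST['js_frame'] : 'right'`, where `$allowed_frames` is a placeholder for the project's own list. The comment above the define still only says the parameter is sometimes lost, so I would add `// a non-string js_frame (e.g. an array) is ignored so it cannot trigger a warning that reveals the local path, see PMASA-2011-15`; that mechanism is inferred from the commit message and should be confirmed. The file continues beyond this hunk, so other uses of PMA_FRAME and js_frame could not be checked here.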
hooks/post-receive
--
phpMyAdmin