The branch, QA_3_4 has been updated via fbaa5cc1a1cd4fbbb8588cda958c803b186eb064 (commit) from b939d1048ec3bebf066bcccafbcd3d2998db3521 (commit)
- Log ----------------------------------------------------------------- commit fbaa5cc1a1cd4fbbb8588cda958c803b186eb064 Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: Mon Oct 3 20:38:36 2011 +0200
Fixed local path disclosure vulnerability, see PMASA-2011-15
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 1 + phpmyadmin.css.php | 2 +- 2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 9f4daa4..f36cc67 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,7 @@ phpMyAdmin - ChangeLog - bug #3414744 [core] External link fails in 3.4.5 - patch #3314626 [display] CharTextareaRows is not respected - bug #3417089 [synchronize] Extraneous db choices +- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
3.4.5.0 (2011-09-14) - bug #3375325 [interface] Page list in navigation frame looks odd diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php index 2275c97..b3cfecc 100644 --- a/phpmyadmin.css.php +++ b/phpmyadmin.css.php @@ -9,7 +9,7 @@ * */ // sometimes, we lose $_REQUEST['js_frame'] -define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' : $_REQUEST['js_frame']); +define('PMA_FRAME', (! empty($_REQUEST['js_frame']) && is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] : 'right');
define('PMA_MINIMUM_COMMON', true); require_once './libraries/common.inc.php';
hooks/post-receive
-
Dieter Adriaenssens