The branch, QA_3_3 has been updated via 09b124c2723c5bf28404d800f7f8940d18cfc8dd (commit) via 4c8c7080a76b837ae55cdc5e010c793b389a671a (commit) from df97b1d2c075a0db4241b8494e36fa85eb231dcf (commit) - Log ----------------------------------------------------------------- commit 09b124c2723c5bf28404d800f7f8940d18cfc8dd Author: Marc Delisle <marc(a)infomarc.info> Date: Tue Feb 8 08:20:20 2011 -0500 ChangeLog for 3.3.9.1 commit 4c8c7080a76b837ae55cdc5e010c793b389a671a Author: Herman van Rink <rink(a)initfour.nl> Date: Tue Feb 8 08:19:20 2011 -0500 PMASA-2011-1 fixes ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +++ changelog.php | 18 ++++++++++++------ license.php | 11 ++++++++++- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index a5226f5..6e88a8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - bug #3153409 [core] 0 row(s) affected - bug #3155842 [core] Edit relational page and page number +3.3.9.1 (2011-02-08) +- [security] Path disclosure, see PMASA-2011-1 + 3.3.9.0 (2011-01-03) - bug [doc] Fix references to MySQL doc - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand diff --git a/changelog.php b/changelog.php index 7b8c6f3..637efd1 100644 --- a/changelog.php +++ b/changelog.php @@ -15,13 +15,19 @@ require('./libraries/vendor_config.php'); /** * Read changelog. */ -if (substr(CHANGELOG_FILE, -3) == '.gz') { - ob_start(); - readgzfile(CHANGELOG_FILE); - $changelog = ob_get_contents(); - ob_end_clean(); +// Check if the Changelog file is available, some distributions remove these. +if (is_readable(CHANGELOG_FILE)) { + if (substr(CHANGELOG_FILE, -3) == '.gz') { + ob_start(); + readgzfile(CHANGELOG_FILE); + $changelog = ob_get_contents(); + ob_end_clean(); + } else { + $changelog = file_get_contents(CHANGELOG_FILE); + } } else { - $changelog = file_get_contents(CHANGELOG_FILE); + echo "The Changelog file is not available on this system, please visit www.phpmyadmin.net for more information."; + exit; } /** diff --git a/license.php b/license.php index 0294611..6d63878 100644 --- a/license.php +++ b/license.php @@ -19,5 +19,14 @@ require('./libraries/vendor_config.php'); * */ header('Content-type: text/plain; charset=iso-8859-1'); -readfile(LICENSE_FILE); + +$filename = LICENSE_FILE; + +// Check if the file is available, some distributions remove these. +if (is_readable($filename)) { + readfile($filename); +} else { + echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information."; +} + ?> hooks/post-receive -- phpMyAdmin