The branch, QA_3_3 has been updated
via 09b124c2723c5bf28404d800f7f8940d18cfc8dd (commit)
via 4c8c7080a76b837ae55cdc5e010c793b389a671a (commit)
from df97b1d2c075a0db4241b8494e36fa85eb231dcf (commit)
- Log -----------------------------------------------------------------
commit 09b124c2723c5bf28404d800f7f8940d18cfc8dd
Author: Marc Delisle <marc(a)infomarc.info>
Date: Tue Feb 8 08:20:20 2011 -0500
ChangeLog for 3.3.9.1
commit 4c8c7080a76b837ae55cdc5e010c793b389a671a
Author: Herman van Rink <rink(a)initfour.nl>
Date: Tue Feb 8 08:19:20 2011 -0500
PMASA-2011-1 fixes
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 3 +++
changelog.php | 18 ++++++++++++------
license.php | 11 ++++++++++-
3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a5226f5..6e88a8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@ $HeadURL:
https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #3153409 [core] 0 row(s) affected
- bug #3155842 [core] Edit relational page and page number
+3.3.9.1 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
3.3.9.0 (2011-01-03)
- bug [doc] Fix references to MySQL doc
- patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand
diff --git a/changelog.php b/changelog.php
index 7b8c6f3..637efd1 100644
--- a/changelog.php
+++ b/changelog.php
@@ -15,13 +15,19 @@ require('./libraries/vendor_config.php');
/**
* Read changelog.
*/
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
- ob_start();
- readgzfile(CHANGELOG_FILE);
- $changelog = ob_get_contents();
- ob_end_clean();
+// Check if the Changelog file is available, some distributions remove these.
+if (is_readable(CHANGELOG_FILE)) {
+ if (substr(CHANGELOG_FILE, -3) == '.gz') {
+ ob_start();
+ readgzfile(CHANGELOG_FILE);
+ $changelog = ob_get_contents();
+ ob_end_clean();
+ } else {
+ $changelog = file_get_contents(CHANGELOG_FILE);
+ }
} else {
- $changelog = file_get_contents(CHANGELOG_FILE);
+ echo "The Changelog file is not available on this system, please visit
www.phpmyadmin.net for more information.";
+ exit;
}
/**
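Review bot: `is_readable(CHANGELOG_FILE)` also returns true for a directory, and the return values of `readgzfile()` and `file_get_contents()` in the inner branches are not checked, so a mispackaged CHANGELOG_FILE can still reach the read and raise a PHP warning. Where display_errors is enabled, such a warning prints the script's filesystem path, which is the class of leak this commit is meant to close. Tightening the guard to `if (is_file(CHANGELOG_FILE) && is_readable(CHANGELOG_FILE)) {` would cover that case, and the same applies to the `is_readable($filename)` check in license.php. The rest of the script lies outside this hunk, so whether a later step handles a false `$changelog` cannot be seen here.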
diff --git a/license.php b/license.php
index 0294611..6d63878 100644
--- a/license.php
+++ b/license.php
@@ -19,5 +19,14 @@ require('./libraries/vendor_config.php');
*
*/
header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ echo "The $filename file is not available on this system, please visit
www.phpmyadmin.net for more information.";
+}
+
?>
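Review bot: The fallback `echo` interpolates `$filename`, so the value of LICENSE_FILE is sent to the client whenever the file is missing, and no access check is visible in this hunk. LICENSE_FILE is defined in libraries/vendor_config.php, which is not shown; if a distribution sets it to an absolute path, the message itself becomes a path disclosure in a commit that fixes one. A fixed string, as changelog.php uses, avoids this: `echo "The license file is not available on this system, please visit www.phpmyadmin.net for more information.";`.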
hooks/post-receive
--
phpMyAdmin