[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_5-20720-gc25b7c8 - Git

4 Oct 2011

The branch, master has been updated
       via  c25b7c896658bba418cc185ba2ff58a4c3bd0bc1 (commit)
       via  bc5aa87ae9957a2c4740009c713bcbd54a31b93c (commit)
       via  1af420e22367ae72ff4091adb1620e59ddad5ba6 (commit)
      from  73913f135e51cbc3eba559ffd8af70a2938f0ac3 (commit)
- Log -----------------------------------------------------------------
commit c25b7c896658bba418cc185ba2ff58a4c3bd0bc1
Merge: 73913f1 bc5aa87
Author: Marc Delisle marc@infomarc.info
Date:   Tue Oct 4 06:20:48 2011 -0400
Merge branch 'QA_3_4'
-----------------------------------------------------------------------
Summary of changes:
 ChangeLog                             |    1 +
 libraries/config/ConfigFile.class.php |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 270b514..29e256c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,6 +72,7 @@ phpMyAdmin - ChangeLog
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
 - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
+- [security] Fixed XSS in setup (verbose parameter)
3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php
index 87c10b3..c1b01ec 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -414,7 +414,7 @@ class ConfigFile
         }
         $verbose = $this->get("Servers/$id/verbose");
         if (!empty($verbose)) {
-            return $verbose;
+            return htmlspecialchars($verbose);
         }
         $host = $this->get("Servers/$id/host");
         return empty($host) ? 'localhost' : $host;
hooks/post-receive
-- 
phpMyAdmin


    