[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_5-20711-gd35cba9

3 Oct 2011

The branch, master has been updated
       via  d35cba980893aa6e6455fd6e6f14f3e3f1204c52 (commit)
      from  2ff7b4cc93eb88325b2ac2930b966208642c1111 (commit)


- Log -----------------------------------------------------------------
commit d35cba980893aa6e6455fd6e6f14f3e3f1204c52
Author: Dieter Adriaenssens <ruleant@users.sourceforge.net>
Date:   Mon Oct 3 20:38:36 2011 +0200

    Fixed local path disclosure vulnerability, see PMASA-2011-15

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |    1 +
 phpmyadmin.css.php |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9248689..270b514 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,6 +71,7 @@ phpMyAdmin - ChangeLog
 - bug #3414744 [core] External link fails in 3.4.5
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
+- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
 
 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php
index 2275c97..b3cfecc 100644
--- a/phpmyadmin.css.php
+++ b/phpmyadmin.css.php
@@ -9,7 +9,7 @@
  *
  */
 // sometimes, we lose $_REQUEST['js_frame']
-define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' : $_REQUEST['js_frame']);
+define('PMA_FRAME', (! empty($_REQUEST['js_frame']) && is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] : 'right');
 
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';


hooks/post-receive
-- 
phpMyAdmin

    

Dieter Adriaenssens

tags

participants (1)