The branch, master has been updated
via d35cba980893aa6e6455fd6e6f14f3e3f1204c52 (commit)
from 2ff7b4cc93eb88325b2ac2930b966208642c1111 (commit)
- Log -----------------------------------------------------------------
commit d35cba980893aa6e6455fd6e6f14f3e3f1204c52
Author: Dieter Adriaenssens <ruleant(a)users.sourceforge.net>
Date: Mon Oct 3 20:38:36 2011 +0200
Fixed local path disclosure vulnerability, see PMASA-2011-15
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
phpmyadmin.css.php | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9248689..270b514 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,6 +71,7 @@ phpMyAdmin - ChangeLog
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
+- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
3.4.5.0 (2011-09-14)
- bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php
index 2275c97..b3cfecc 100644
--- a/phpmyadmin.css.php
+++ b/phpmyadmin.css.php
@@ -9,7 +9,7 @@
*
*/
// sometimes, we lose $_REQUEST['js_frame']
-define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' :
$_REQUEST['js_frame']);
+define('PMA_FRAME', (! empty($_REQUEST['js_frame']) &&
is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] :
'right');
define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';
hooks/post-receive
--
phpMyAdmin
Show replies by date