The branch, MAINT_3_4_6 has been updated via e05b37d3c9e5b99e8a779fe55780d92df17b4a55 (commit) from 46a1afb372782533d8b04d72ae4b9b13a1248c0a (commit) - Log ----------------------------------------------------------------- commit e05b37d3c9e5b99e8a779fe55780d92df17b4a55 Author: Dieter Adriaenssens <ruleant@users.sourceforge.net> Date: Mon Oct 3 20:38:36 2011 +0200 Fixed local path disclosure vulnerability, see PMASA-2011-15 ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + phpmyadmin.css.php | 2 +- 2 files changed, 2 insertions(+), 1 deletions(-) diff --git a/ChangeLog b/ChangeLog index 239796f..b8c33cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog - bug #3414744 [core] External link fails in 3.4.5 - patch #3314626 [display] CharTextareaRows is not respected - bug #3417089 [synchronize] Extraneous db choices +- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15 3.4.5.0 (2011-09-14) - bug #3375325 [interface] Page list in navigation frame looks odd diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php index 2275c97..b3cfecc 100644 --- a/phpmyadmin.css.php +++ b/phpmyadmin.css.php @@ -9,7 +9,7 @@ * */ // sometimes, we lose $_REQUEST['js_frame'] -define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' : $_REQUEST['js_frame']); +define('PMA_FRAME', (! empty($_REQUEST['js_frame']) && is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] : 'right'); define('PMA_MINIMUM_COMMON', true); require_once './libraries/common.inc.php'; hooks/post-receive -- phpMyAdmin