The branch, master has been updated via ae44d8b1133298ec5f9fd0142492c15c41713ded (commit) via 035d002db1e1201e73e560d7d98591563b506a83 (commit) from 3c7b1efa57cc055062f43021cbef7557ebff4597 (commit)

- Log ----------------------------------------------------------------- commit ae44d8b1133298ec5f9fd0142492c15c41713ded Author: Marc Delisle marc@infomarc.info Date: Tue Feb 8 08:23:30 2011 -0500

ChangeLog for 3.3.9.1

commit 035d002db1e1201e73e560d7d98591563b506a83 Author: Herman van Rink rink@initfour.nl Date: Tue Feb 8 08:22:29 2011 -0500

PMASA-2011-1 fixes

-----------------------------------------------------------------------

Summary of changes: ChangeLog | 3 +++ changelog.php | 26 ++++++++++++++++++-------- license.php | 15 ++++++++++++--- 3 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 6089439..5eac03f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -144,6 +144,9 @@ - bug #3153409 [core] 0 row(s) affected - bug #3155842 [core] Edit relational page and page number

+3.3.9.1 (2011-02-08) +- [security] Path disclosure, see PMASA-2011-1 + 3.3.9.0 (2011-01-03) - bug [doc] Fix references to MySQL doc - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand diff --git a/changelog.php b/changelog.php index 9ab2e39..ad45e62 100644 --- a/changelog.php +++ b/changelog.php @@ -7,20 +7,30 @@ */

/** - * Load paths. + * Gets core libraries and defines some variables */ -require('./libraries/vendor_config.php'); +require_once './libraries/common.inc.php'; + +$filename = CHANGELOG_FILE;

/** * Read changelog. */ -if (substr(CHANGELOG_FILE, -3) == '.gz') { - ob_start(); - readgzfile(CHANGELOG_FILE); - $changelog = ob_get_contents(); - ob_end_clean(); +// Check if the file is available, some distributions remove these. +if (is_readable($filename)) { + + // Test if the if is in a compressed format + if (substr($filename, -3) == '.gz') { + ob_start(); + readgzfile($filename); + $changelog = ob_get_contents(); + ob_end_clean(); + } else { + $changelog = file_get_contents($filename); + } } else { - $changelog = file_get_contents(CHANGELOG_FILE); + printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), $filename); + exit; }

/** diff --git a/license.php b/license.php index b4b394f..851b52c 100644 --- a/license.php +++ b/license.php @@ -10,13 +10,22 @@ */

/** - * Load paths. + * Gets core libraries and defines some variables */ -require('./libraries/vendor_config.php'); +require_once './libraries/common.inc.php';

/** * */ header('Content-type: text/plain; charset=iso-8859-1'); -readfile(LICENSE_FILE); + +$filename = LICENSE_FILE; + +// Check if the file is available, some distributions remove these. +if (is_readable($filename)) { + readfile($filename); +} else { + printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), $filename); +} + ?>

hooks/post-receive