The branch, master has been updated
via ae44d8b1133298ec5f9fd0142492c15c41713ded (commit)
via 035d002db1e1201e73e560d7d98591563b506a83 (commit)
from 3c7b1efa57cc055062f43021cbef7557ebff4597 (commit)
- Log -----------------------------------------------------------------
commit ae44d8b1133298ec5f9fd0142492c15c41713ded
Author: Marc Delisle <marc(a)infomarc.info>
Date: Tue Feb 8 08:23:30 2011 -0500
ChangeLog for 3.3.9.1
commit 035d002db1e1201e73e560d7d98591563b506a83
Author: Herman van Rink <rink(a)initfour.nl>
Date: Tue Feb 8 08:22:29 2011 -0500
PMASA-2011-1 fixes
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 3 +++
changelog.php | 26 ++++++++++++++++++--------
license.php | 15 ++++++++++++---
3 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6089439..5eac03f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -144,6 +144,9 @@
- bug #3153409 [core] 0 row(s) affected
- bug #3155842 [core] Edit relational page and page number
+3.3.9.1 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
3.3.9.0 (2011-01-03)
- bug [doc] Fix references to MySQL doc
- patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand
diff --git a/changelog.php b/changelog.php
index 9ab2e39..ad45e62 100644
--- a/changelog.php
+++ b/changelog.php
@@ -7,20 +7,30 @@
*/
/**
- * Load paths.
+ * Gets core libraries and defines some variables
*/
-require('./libraries/vendor_config.php');
+require_once './libraries/common.inc.php';
+
+$filename = CHANGELOG_FILE;
/**
* Read changelog.
*/
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
- ob_start();
- readgzfile(CHANGELOG_FILE);
- $changelog = ob_get_contents();
- ob_end_clean();
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+
+ // Test if the if is in a compressed format
+ if (substr($filename, -3) == '.gz') {
+ ob_start();
+ readgzfile($filename);
+ $changelog = ob_get_contents();
+ ob_end_clean();
+ } else {
+ $changelog = file_get_contents($filename);
+ }
} else {
- $changelog = file_get_contents(CHANGELOG_FILE);
+ printf(__('The %s file is not available on this system, please visit
www.phpmyadmin.net for more information.'), $filename);
+ exit;
}
/**
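Review bot: The new else branch prints `$filename` verbatim, so if CHANGELOG_FILE is configured as an absolute path (the added comment says distributions relocate or remove the file), the error message itself reveals a server filesystem path, which undercuts a path-disclosure fix. Printing only the file name avoids that: `printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), basename($filename));`. If this page is served as HTML, the value should also pass through `htmlspecialchars()` before output. The same printf appears in the license.php hunk. Separately, the comment `// Test if the if is in a compressed format` should read `// Test if the file is in a compressed format`.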
diff --git a/license.php b/license.php
index b4b394f..851b52c 100644
--- a/license.php
+++ b/license.php
@@ -10,13 +10,22 @@
*/
/**
- * Load paths.
+ * Gets core libraries and defines some variables
*/
-require('./libraries/vendor_config.php');
+require_once './libraries/common.inc.php';
/**
*
*/
header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+ readfile($filename);
+} else {
+ printf(__('The %s file is not available on this system, please visit
www.phpmyadmin.net for more information.'), $filename);
+}
+
?>
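Review bot: The fallback message comes from `__()` but is sent under the `Content-type: text/plain; charset=iso-8859-1` header set just above the new code, so a translated string containing non-ASCII characters would presumably be garbled if the translations are not in that encoding. Sending the header only when the file is actually served keeps the two cases apart: move `header('Content-type: text/plain; charset=iso-8859-1');` to the line just before `readfile($filename);` inside the `if (is_readable($filename))` branch. Whether `common.inc.php` already emits headers or output before this point is not visible in the hunk and should be confirmed.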
hooks/post-receive
--
phpMyAdmin