[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_2_11, updated. RELEASE_2_11_11_1-14-gd620aaf

Marc Delisle lem9 at users.sourceforge.net
Tue Feb 8 14:13:24 CET 2011


The branch, QA_2_11 has been updated
       via  d620aaf102e9a9f850cc3a5cd77ff6de40dda782 (commit)
       via  f0e8849034132e2114f1d77d9d37185bc5b49886 (commit)
      from  373a6626ade37c0fee1dfc7c757ca55c7652874b (commit)


- Log -----------------------------------------------------------------
commit d620aaf102e9a9f850cc3a5cd77ff6de40dda782
Author: Marc Delisle <marc at infomarc.info>
Date:   Tue Feb 8 08:13:01 2011 -0500

    ChangeLog for 2.11.11.2

commit f0e8849034132e2114f1d77d9d37185bc5b49886
Author: Herman van Rink <rink at initfour.nl>
Date:   Tue Feb 8 08:11:37 2011 -0500

    PMASA-2011-1 fixes

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog     |    3 +++
 changelog.php |   10 +++++++++-
 license.php   |   11 ++++++++++-
 readme.php    |   10 +++++++++-
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b0663e1..e3244d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 
 2.11.12.0 (not yet released)
 
+2.11.11.2 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
 2.11.11.1 (2010-11-29)
 - bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8
 
diff --git a/changelog.php b/changelog.php
index 2b0dc3a..1b4807a 100644
--- a/changelog.php
+++ b/changelog.php
@@ -6,7 +6,15 @@
  * @version $Id$
  */
 
-$changelog = htmlspecialchars(file_get_contents('ChangeLog'));
+$filename = 'ChangeLog';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    $changelog = htmlspecialchars(file_get_contents($filename));
+} else {
+    echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+    exit;
+}
 
 $replaces = array(
     '@(http://[./a-zA-Z0-9.-]*[/a-zA-Z0-9])@'
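Review bot: The new guard on `is_readable($filename)` also passes when `ChangeLog` exists as a directory, because PHP's `is_readable()` returns true for readable directories as well as files. Depending on the PHP version, the read that follows can then raise a warning or notice, and with `display_errors` enabled that message would likely print the server path this fix is meant to keep out of the response. I would tighten the condition to `if (is_file($filename) && is_readable($filename)) {`; the same applies to the identical checks added in license.php and readme.php. The `$replaces` array that closes this hunk continues outside it.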
diff --git a/license.php b/license.php
index 91927f4..c8c2957 100644
--- a/license.php
+++ b/license.php
@@ -13,5 +13,14 @@
  *
  */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile('LICENSE');
+
+$filename = 'LICENSE';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    readfile($filename);
+} else {
+    echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
+
 ?>
diff --git a/readme.php b/readme.php
index 34fecce..7f59a4e 100644
--- a/readme.php
+++ b/readme.php
@@ -13,5 +13,13 @@
  *
  */
 header('Content-type: text/plain; charset=utf-8');
-readfile('README');
+
+$filename = 'README';
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    readfile($filename);
+} else {
+    echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
 ?>


hooks/post-receive
-- 
phpMyAdmin



