[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_3, updated. RELEASE_3_3_9-14-g09b124c

Marc Delisle lem9 at users.sourceforge.net
Tue Feb 8 14:20:33 CET 2011


The branch, QA_3_3 has been updated
       via  09b124c2723c5bf28404d800f7f8940d18cfc8dd (commit)
       via  4c8c7080a76b837ae55cdc5e010c793b389a671a (commit)
      from  df97b1d2c075a0db4241b8494e36fa85eb231dcf (commit)


- Log -----------------------------------------------------------------
commit 09b124c2723c5bf28404d800f7f8940d18cfc8dd
Author: Marc Delisle <marc at infomarc.info>
Date:   Tue Feb 8 08:20:20 2011 -0500

    ChangeLog for 3.3.9.1

commit 4c8c7080a76b837ae55cdc5e010c793b389a671a
Author: Herman van Rink <rink at initfour.nl>
Date:   Tue Feb 8 08:19:20 2011 -0500

    PMASA-2011-1 fixes

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog     |    3 +++
 changelog.php |   18 ++++++++++++------
 license.php   |   11 ++++++++++-
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a5226f5..6e88a8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #3153409 [core] 0 row(s) affected 
 - bug #3155842 [core] Edit relational page and page number
 
+3.3.9.1 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
 3.3.9.0 (2011-01-03)
 - bug [doc] Fix references to MySQL doc
 - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand
diff --git a/changelog.php b/changelog.php
index 7b8c6f3..637efd1 100644
--- a/changelog.php
+++ b/changelog.php
@@ -15,13 +15,19 @@ require('./libraries/vendor_config.php');
 /**
  * Read changelog.
  */
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
-    ob_start();
-    readgzfile(CHANGELOG_FILE);
-    $changelog = ob_get_contents();
-    ob_end_clean();
+// Check if the Changelog file is available, some distributions remove these.
+if (is_readable(CHANGELOG_FILE)) {
+    if (substr(CHANGELOG_FILE, -3) == '.gz') {
+        ob_start();
+        readgzfile(CHANGELOG_FILE);
+        $changelog = ob_get_contents();
+        ob_end_clean();
+    } else {
+        $changelog = file_get_contents(CHANGELOG_FILE);
+    }
 } else {
-    $changelog = file_get_contents(CHANGELOG_FILE);
+    echo "The Changelog file is not available on this system, please visit www.phpmyadmin.net for more information.";
+    exit;
 }
 
 /**
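Review bot: The reads inside the new `is_readable()` branch are still unchecked, so a read that fails after the check passes (damaged `.gz` data, or the file changing between check and read) may still raise a PHP warning. With display_errors on, that warning carries the script path, which is the disclosure the ChangeLog entry says this release addresses. In the gzip branch such a warning would be captured by the output buffer and end up inside `$changelog`. Consider testing the result before it is used, e.g. `if ($changelog === false) { echo "The Changelog file is not available on this system, please visit www.phpmyadmin.net for more information."; exit; }`. How `$changelog` is consumed lies after the end of this hunk.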
diff --git a/license.php b/license.php
index 0294611..6d63878 100644
--- a/license.php
+++ b/license.php
@@ -19,5 +19,14 @@ require('./libraries/vendor_config.php');
  *
  */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    readfile($filename);
+} else {
+    echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
+
 ?>
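Review bot: The fallback message in the `else` branch interpolates `$filename`, i.e. the value of `LICENSE_FILE`, into the response. That constant comes from `libraries/vendor_config.php`, which is not shown here; if a distribution points it at an absolute location, this message prints that server path to any visitor, reintroducing the path disclosure the commit is fixing. changelog.php uses a fixed string for the same case, and this file should do likewise: `echo "The license file is not available on this system, please visit www.phpmyadmin.net for more information.";`. A short comment above the check saying the configured path is deliberately kept out of the output would keep it from being added back.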


hooks/post-receive
-- 
phpMyAdmin



