[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_0BETA2-1901-gae44d8b

Marc Delisle lem9 at users.sourceforge.net
Tue Feb 8 14:23:43 CET 2011


The branch, master has been updated
       via  ae44d8b1133298ec5f9fd0142492c15c41713ded (commit)
       via  035d002db1e1201e73e560d7d98591563b506a83 (commit)
      from  3c7b1efa57cc055062f43021cbef7557ebff4597 (commit)


- Log -----------------------------------------------------------------
commit ae44d8b1133298ec5f9fd0142492c15c41713ded
Author: Marc Delisle <marc at infomarc.info>
Date:   Tue Feb 8 08:23:30 2011 -0500

    ChangeLog for 3.3.9.1

commit 035d002db1e1201e73e560d7d98591563b506a83
Author: Herman van Rink <rink at initfour.nl>
Date:   Tue Feb 8 08:22:29 2011 -0500

    PMASA-2011-1 fixes

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog     |    3 +++
 changelog.php |   26 ++++++++++++++++++--------
 license.php   |   15 ++++++++++++---
 3 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6089439..5eac03f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -144,6 +144,9 @@
 - bug #3153409 [core] 0 row(s) affected 
 - bug #3155842 [core] Edit relational page and page number
 
+3.3.9.1 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
 3.3.9.0 (2011-01-03)
 - bug [doc] Fix references to MySQL doc
 - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand
diff --git a/changelog.php b/changelog.php
index 9ab2e39..ad45e62 100644
--- a/changelog.php
+++ b/changelog.php
@@ -7,20 +7,30 @@
  */
 
 /**
- * Load paths.
+ * Gets core libraries and defines some variables
  */
-require('./libraries/vendor_config.php');
+require_once './libraries/common.inc.php';
+
+$filename = CHANGELOG_FILE;
 
 /**
  * Read changelog.
  */
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
-    ob_start();
-    readgzfile(CHANGELOG_FILE);
-    $changelog = ob_get_contents();
-    ob_end_clean();
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+
+    // Test if the if is in a compressed format
+    if (substr($filename, -3) == '.gz') {
+        ob_start();
+        readgzfile($filename);
+        $changelog = ob_get_contents();
+        ob_end_clean();
+    } else {
+        $changelog = file_get_contents($filename);
+    }
 } else {
-    $changelog = file_get_contents(CHANGELOG_FILE);
+    printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), $filename);
+    exit;
 }
 
 /**
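Review bot: The new else branch passes `$filename` straight into the visitor-facing message, so whatever CHANGELOG_FILE is configured to (possibly an absolute path in a distribution's vendor config, which is not visible here) is still shown, and it is printed without HTML escaping. For a path-disclosure fix I would pass `htmlspecialchars(basename($filename))` as the printf argument instead; the same applies to the else branch in license.php, where `basename($filename)` is enough given its text/plain header. The return values of `readgzfile()` and `file_get_contents()` are still unchecked, so a read that fails after `is_readable()` succeeded leaves `$changelog` false or empty for the code that continues past this hunk. The comment `// Test if the if is in a compressed format` should read `// Test if the file is in a compressed format`.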
diff --git a/license.php b/license.php
index b4b394f..851b52c 100644
--- a/license.php
+++ b/license.php
@@ -10,13 +10,22 @@
  */
 
 /**
- * Load paths.
+ * Gets core libraries and defines some variables
  */
-require('./libraries/vendor_config.php');
+require_once './libraries/common.inc.php';
 
 /**
  *
  */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    readfile($filename);
+} else {
+    printf(__('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'), $filename);
+}
+
 ?>
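Review bot: The `header('Content-type: text/plain; charset=iso-8859-1')` line now also governs the translated fallback message, so a translation returned by `__()` in another encoding (likely UTF-8, though the message catalogs are not visible here) would render incorrectly when the license file is missing. The fallback also goes out with a normal success status; adding something like `header('HTTP/1.0 404 Not Found');` in the else branch would let clients and log monitoring tell the two cases apart. The empty docblock above `header()` could state its purpose, e.g. `Sends the license file as plain text`.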


hooks/post-receive
-- 
phpMyAdmin



