[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_1RC1-2774-gb5c1ee6

Marc Delisle lem9 at users.sourceforge.net
Mon May 30 22:36:25 CEST 2011 

The branch, master has been updated
       via  b5c1ee65092ebf67537931dfc1e396acfb1b10c2 (commit)
       via  99eb0cde320b136264e2360b07b83c9fdef7e265 (commit)
      from  4ab8e3f3390e9b983b42f8bf6512535b01b30d94 (commit)


- Log -----------------------------------------------------------------
commit b5c1ee65092ebf67537931dfc1e396acfb1b10c2
Merge: 4ab8e3f3390e9b983b42f8bf6512535b01b30d94 99eb0cde320b136264e2360b07b83c9fdef7e265
Author: Marc Delisle <marc at infomarc.info>
Date:   Mon May 30 16:33:09 2011 -0400

    Merge branch 'QA_3_4'

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                          |    1 +
 libraries/auth/cookie.auth.lib.php |    1 +
 libraries/header_scripts.inc.php   |   10 +++++++---
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 915e38c..66bc93b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@
 - bug #3276001 [core] Avoid caching of index.php.
 - bug #3306958 [interface] Unnecessary Details slider
 - bug #3308476 [interface] "Show all" not persistent after a sort
+- bug #3308072 [auth] Version disclosure to anonymous visitors
 
 3.4.1.0 (2011-05-20)
 - bug #3301108 [interface] Synchronize and already configured host
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index 84bfa80..c04d5a2 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -169,6 +169,7 @@ function PMA_auth()
     /* HTML header; do not show here the PMA version to improve security */
     $page_title = 'phpMyAdmin ';
     require './libraries/header_meta_style.inc.php';
+    // if $page_title is set, this script uses it as the title:
     require './libraries/header_scripts.inc.php';
     ?>
 <script type="text/javascript">
diff --git a/libraries/header_scripts.inc.php b/libraries/header_scripts.inc.php
index 6bd87f6..c25aa99 100644
--- a/libraries/header_scripts.inc.php
+++ b/libraries/header_scripts.inc.php
@@ -18,13 +18,17 @@ require_once './libraries/common.inc.php';
 if ( false === $GLOBALS['cfg']['AllowThirdPartyFraming']) {
     echo PMA_includeJS('cross_framing_protection.js');
 }
-// generate title
-$title = PMA_expandUserString(
+// generate title (unless we already have $page_title, from cookie auth)
+if (! isset($page_title)) {
+    $title = PMA_expandUserString(
             !empty($GLOBALS['table']) ? $GLOBALS['cfg']['TitleTable'] :
             (!empty($GLOBALS['db']) ? $GLOBALS['cfg']['TitleDatabase'] :
             (!empty($GLOBALS['cfg']['Server']['host']) ? $GLOBALS['cfg']['TitleServer'] :
             $GLOBALS['cfg']['TitleDefault']))
-            );
+        );
+} else {
+    $title = $page_title;
+}
 // here, the function does not exist with this configuration: $cfg['ServerDefault'] = 0;
 $is_superuser    = function_exists('PMA_isSuperuser') && PMA_isSuperuser();
 


hooks/post-receive
-- 
phpMyAdmin

More information about the Git mailing list