[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_5-43-gbc5aa87

Marc Delisle lem9 at users.sourceforge.net
Tue Oct 4 12:21:26 CEST 2011


The branch, QA_3_4 has been updated
       via  bc5aa87ae9957a2c4740009c713bcbd54a31b93c (commit)
       via  1af420e22367ae72ff4091adb1620e59ddad5ba6 (commit)
      from  7d586b458dbbaf4002ead84ef7edea60833c528c (commit)


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                             |    1 +
 libraries/config/ConfigFile.class.php |    4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f36cc67..1f101fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@ phpMyAdmin - ChangeLog
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
 - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
+- [security] Fixed XSS in setup (verbose parameter)
 
 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php
index 20369f1..9e1690c 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -422,7 +422,7 @@ class ConfigFile
         }
         $verbose = $this->get("Servers/$id/verbose");
         if (!empty($verbose)) {
-            return $verbose;
+            return htmlspecialchars($verbose);
         }
         $host = $this->get("Servers/$id/host");
         return empty($host) ? 'localhost' : $host;
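Review bot: The fallback on the last line of this hunk, `return empty($host) ? 'localhost' : $host;`, still returns the host value unescaped, although it is read from the same config store as `verbose` through `$this->get("Servers/$id/host")`. If the setup pages print this function's result as HTML, which the fix for `verbose` implies, the host branch likely needs the same treatment, e.g. `return htmlspecialchars(empty($host) ? 'localhost' : $host);`. Passing `ENT_QUOTES` as the second argument would also cover single-quoted attribute contexts, because the default flags of `htmlspecialchars()` on PHP versions before 8.1 leave `'` untouched. Since the function now returns HTML-encoded text on one path and raw text on the other, a docblock line such as `@return string HTML-escaped server name` would help callers avoid double-encoding. The function starts above the hunk, so its earlier return paths are not visible here.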
@@ -508,4 +508,4 @@ class ConfigFile
         return $c;
     }
 }
-?>
\ No newline at end of file
+?>


hooks/post-receive
-- 
phpMyAdmin



