[security] Fixed XSS in setup (verbose parameter)

commit 1af420e22367ae72ff4091adb1620e59ddad5ba6 1 parent e05b37d
Marc Delisle lem9 authored

Showing 2 changed files with 3 additions and 2 deletions.

  1. +1 0  ChangeLog
  2. +2 2 libraries/config/ConfigFile.class.php
1  ChangeLog
@@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog
21 21 - patch #3314626 [display] CharTextareaRows is not respected
22 22 - bug #3417089 [synchronize] Extraneous db choices
23 23 - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
  24 +- [security] Fixed XSS in setup (verbose parameter)
24 25
25 26 3.4.5.0 (2011-09-14)
26 27 - bug #3375325 [interface] Page list in navigation frame looks odd
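
Review bot: The new entry on line 24 carries no advisory reference, while the security entry directly above it points to PMASA-2011-15; add the PMASA identifier for this XSS once one is assigned so users can match the ChangeLog to the advisory. It would also help to name the setup output that is affected, since "verbose parameter" alone does not tell a reader where the value was rendered.
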
4 libraries/config/ConfigFile.class.php
@@ -422,7 +422,7 @@ public function getServerName($id)
422 422 }
423 423 $verbose = $this->get("Servers/$id/verbose");
424 424 if (!empty($verbose)) {
425   - return $verbose;
  425 + return htmlspecialchars($verbose);
426 426 }
427 427 $host = $this->get("Servers/$id/host");
428 428 return empty($host) ? 'localhost' : $host;
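
Review bot: The fallback on the last line of this hunk, "return empty($host) ? 'localhost' : $host;", still returns the host value raw, so getServerName() now gives callers an HTML-escaped string on one path and an unescaped one on the other, both read from the same Servers/$id configuration. Either escape the fallback too, or keep the getter raw and escape where the setup page prints the name; with the escaping inside the getter, any caller that also escapes will double-encode the verbose name, which is worth stating in the function's doc comment. htmlspecialchars() is also called without flags, and the default at the time of this release (ENT_COMPAT) leaves single quotes unconverted, so pass ENT_QUOTES if the name can end up inside a single-quoted attribute.
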
@@ -508,4 +508,4 @@ public function getConfigArray()
508 508 return $c;
509 509 }
510 510 }
511   -?>
  511 +?>
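
Review bot: The removed and added "?>" on line 511 read identically, so this is a whitespace or end-of-file newline change unrelated to the XSS fix; keep it out of a security commit so the patch is easier to audit and backport. If the file tail is being touched anyway, dropping the closing "?>" in this class file avoids stray output after the tag.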
