Browse files

[security] Fixed XSS in setup (verbose parameter)

  • Loading branch information...
1 parent e05b37d commit 1af420e22367ae72ff4091adb1620e59ddad5ba6 @lem9 lem9 committed Oct 4, 2011
Showing with 3 additions and 2 deletions.
  1. +1 −0 ChangeLog
  2. +2 −2 libraries/config/ConfigFile.class.php
View
1 ChangeLog
@@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
+- [security] Fixed XSS in setup (verbose parameter)
3.4.5.0 (2011-09-14)
- bug #3375325 [interface] Page list in navigation frame looks odd
View
4 libraries/config/ConfigFile.class.php
@@ -422,7 +422,7 @@ public function getServerName($id)
}
$verbose = $this->get("Servers/$id/verbose");
if (!empty($verbose)) {
- return $verbose;
+ return htmlspecialchars($verbose);
}
$host = $this->get("Servers/$id/host");
return empty($host) ? 'localhost' : $host;
@@ -508,4 +508,4 @@ public function getConfigArray()
return $c;
}
}
-?>
+?>

0 comments on commit 1af420e

Please sign in to comment.