Permalink
Browse files

[security] Fixed XSS in setup (host parameter), see PMASA-2011-16

  • Loading branch information...
1 parent 1af420e commit ca597dc423f3eebcca95ff33b088a03e39109115 @ruleant ruleant committed Oct 4, 2011
Showing with 3 additions and 3 deletions.
  1. +1 −1 ChangeLog
  2. +2 −2 setup/frames/servers.inc.php
View
@@ -21,7 +21,7 @@ phpMyAdmin - ChangeLog
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
-- [security] Fixed XSS in setup (verbose parameter)
+- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
3.4.5.0 (2011-09-14)
- bug #3375325 [interface] Page list in navigation frame looks odd
@@ -26,7 +26,7 @@
if ($mode == 'edit' && $server_exists) {
$page_title = __('Edit server')
- . ' ' . $id . ' <small>(' . $cf->getServerDSN($id) . ')</small>';
+ . ' ' . $id . ' <small>(' . htmlspecialchars($cf->getServerDSN($id)) . ')</small>';
} elseif ($mode == 'remove' && $server_exists) {
$cf->removeServer($id);
header('Location: index.php');
@@ -45,4 +45,4 @@
$form_display->registerForm($form_name, $form, $id);
}
process_formset($form_display);
-?>
+?>

0 comments on commit ca597dc

Please sign in to comment.