Commit cd09765

author
Marc Delisle
committed
Port content spoofing fix
Signed-off-by: Marc Delisle <marc@infomarc.info>
1 parent 95b5d9a commit cd09765

2 files changed

+6
-1
lines changed

Diff for: ChangeLog

+4
@@ -142,6 +142,10 @@ phpMyAdmin - ChangeLog
142142
- issue #11448 Clarify doc about the MemoryLimit directive
143143
- issue #11489 Cannot copy a database under certain conditions
144144

145+
4.4.15.1 (2015-10-23)
146+
- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
147+
- issue [security] Content spoofing on url.php
148+
145149
4.4.15.0 (2015-09-20)
146150
- issue #11411 Undefined "replace" function on numeric scalar
147151
- issue #11421 Stored-proc / routine - broken parameter parsing
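
Review bot: The security entry added at new line 147 ("- issue [security] Content spoofing on url.php") carries no issue number or advisory identifier, while the other visible entries each have one (for example "issue #11464"), so the fix cannot be traced from the ChangeLog alone. Suggest adding the advisory reference once it is public, and keeping the wording identical to the entry on the branch this fix was ported from so the two ChangeLogs can be matched.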

Diff for: url.php

+2-1
@@ -32,6 +32,7 @@
3232
}
3333
</script>";
3434
// Display redirecting msg on screen.
35-
printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
35+
// Do not display the value of $_REQUEST['url'] to avoid showing injected content
36+
echo __('Taking you to the target site.');
3637
}
3738
die();
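
Review bot: The new comment at line 35 does not say why escaping was insufficient: the removed printf already passed $_REQUEST['url'] through htmlspecialchars(), so the problem is attacker-chosen text shown inside a trusted page, not markup injection. Suggest wording the comment to say that the value stays attacker-controlled even when escaped and must never be echoed, so a later change does not reintroduce it. The script block that closes at line 33 starts outside this hunk; if it uses the url value, confirm in the same review that the value is validated and encoded for a JavaScript context, and add a regression test asserting that the visible message text does not vary with the url parameter.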
