From 0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Thu, 30 Jun 2011 13:21:31 +0200
Subject: [PATCH] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
---
 ChangeLog | 1 +
 setup/lib/ConfigGenerator.class.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 3ce317d40..da43382e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog
 3.4.3.1 (not yet released)
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
+- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
 3.4.3.0 (2011-06-27)
 - bug #3311170 [sync] Missing helper icons in Synchronize
diff --git a/setup/lib/ConfigGenerator.class.php b/setup/lib/ConfigGenerator.class.php
index 95c33251d..e33775ed3 100644
--- a/setup/lib/ConfigGenerator.class.php
+++ b/setup/lib/ConfigGenerator.class.php
@@ -39,7 +39,7 @@ class ConfigGenerator
 if ($cf->getServerCount() > 0) {
 $ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf;
 foreach ($c['Servers'] as $id => $server) {
- $ret .= '/* Server: ' . strtr($cf->getServerName($id), '*/', '-') . " [$id] */" . $crlf
+ $ret .= '/* Server: ' . strtr($cf->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
 . '$i++;' . $crlf;
 foreach ($server as $k => $v) {
 $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
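Review bot: The `strtr(..., '*/', '-')` call on the added `$ret .= '/* Server: '` line is the character-map form, and because the two maps differ in length PHP ignores the unpaired `/`, so it rewrites every `*` to `-` rather than replacing the `*/` sequence as the arguments suggest. That is still enough to stop the server name and the `$id` array key from closing the generated `/* Server: ... */` comment, but the guarantee rests on behaviour a reader is unlikely to expect. I would document it above the statement, e.g. `// strtr() maps characters: every '*' becomes '-', so neither the name nor $id can terminate the comment`. The enclosing method starts and ends outside the hunk, so whether `$id` reaches the generated file anywhere else cannot be checked from here.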