From 2e01647949df937040e73a94ce0bac0daecbdcf4 Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Wed, 29 Jun 2011 13:02:00 +0200
Subject: [PATCH] Fixed possible code injection incase session variables are compromised
---
 ChangeLog | 1 +
 setup/lib/ConfigFile.class.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index f964eb094..d0cbb1d51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 3.3.10.2 (not yet released)
 - [security] Fixed possible session corruption in swekey authentication
+- [security] Fixed possible code injection incase session variables are compromised
 3.3.10.1 (2011-05-20)
 - [security] XSS on Tracking page
diff --git a/setup/lib/ConfigFile.class.php b/setup/lib/ConfigFile.class.php
index c0ff63daf..978eba33f 100644
--- a/setup/lib/ConfigFile.class.php
+++ b/setup/lib/ConfigFile.class.php
@@ -286,7 +286,7 @@ class ConfigFile
 if ($this->getServerCount() > 0) {
 $ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf;
 foreach ($c['Servers'] as $id => $server) {
- $ret .= '/* Server: ' . strtr($this->getServerName($id), '*/', '-') . " [$id] */" . $crlf
+ $ret .= '/* Server: ' . strtr($this->getServerName($id) . " [$id] ", '*/', '-') . "*/" . $crlf
 . '$i++;' . $crlf;
 foreach ($server as $k => $v) {
 $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);
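Review bot: The `strtr(..., '*/', '-')` call on the added line in setup/lib/ConfigFile.class.php reads like a substring replacement of `*/`, but three-argument `strtr()` maps single characters and ignores the extra `/` in the longer `from` string, so what it actually does is turn every `*` into `-` and leave `/` alone. That is what keeps both the server name and `$id` from ending the `/* Server: ... */` comment early in the generated config file, and it deserves a comment so a later cleanup does not weaken it, for example `// strtr() maps characters: every '*' becomes '-', so neither the name nor $id can close this comment`. The enclosing method starts and ends outside the hunk, so whether `$id` is written to the output anywhere else in the loop cannot be judged from these lines.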