diff --git a/ChangeLog b/ChangeLog index aa8a7c6c6..70281dd58 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - patch #2143882 [import] Temporary uploaded file not deleted, thanks to David Misc - dmisc - bug #2136986 [auth] Cannot create database after session timeout +- bug #1914066 [core] ForceSSL generates incorrectly escaped redirections + (this time with the correct fix) 3.0.0.0 (2008-09-27) + [export] properly handle line breaks for YAML, thanks to Dan Barry - @@ -96,7 +98,7 @@ danbarry + [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika - bug #2113848 [navi] Page number after database switching - patch #2115966 [GUI] Checkboxes and IE 7, thanks to Martin - maschg -- bug #114066 [core] ForceSSL generates incorrectly escaped redirections +- bug #1914066 [core] ForceSSL generates incorrectly escaped redirections 2.11.9.2 (2008-09-22) - [security] XSS in MSIE using NUL byte, thanks to JPCERT. diff --git a/libraries/common.inc.php b/libraries/common.inc.php index b00b3df79..dfe81da99 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -534,7 +534,7 @@ if ($_SESSION['PMA_Config']->get('ForceSSL') PMA_sendHeaderLocation( preg_replace('/^http/', 'https', $_SESSION['PMA_Config']->get('PmaAbsoluteUri')) - . PMA_generate_common_url($_GET, '', '&')); + . PMA_generate_common_url($_GET, '&'); exit; } diff --git a/libraries/url_generating.lib.php b/libraries/url_generating.lib.php index f93e74c70..6e1c87b3a 100644 --- a/libraries/url_generating.lib.php +++ b/libraries/url_generating.lib.php @@ -183,9 +183,13 @@ function PMA_getHiddenFields($values, $pre = '') * @uses implode() * @param mixed assoc. array with url params or optional string with database name * if first param is an array there is also an ? prefixed to the url - * @param string optional table name only if first param is array - * @param string character to use instead of '&' for deviding - * multiple URL parameters from each other + * @param string if first param is array: optional character to use + * instead of '&' for dividing URL parameters + * else, optional table name + * @param string if first param is array: optional character to + * use instead of '?' + * else, optional character to use instead of '&' + * for dividing URL parameters * @return string string with URL parameters * @access public * @author nijel