bug #1914066 [core] ForceSSL generates incorrectly escaped redirections, this time with the correct fix
This commit is contained in:
Marc Delisle
@@ -12,6 +12,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
|||||||
- patch #2143882 [import] Temporary uploaded file not deleted,
|
- patch #2143882 [import] Temporary uploaded file not deleted,
|
||||||
thanks to David Misc - dmisc
|
thanks to David Misc - dmisc
|
||||||
- bug #2136986 [auth] Cannot create database after session timeout
|
- bug #2136986 [auth] Cannot create database after session timeout
|
||||||
|
- bug #1914066 [core] ForceSSL generates incorrectly escaped redirections
|
||||||
|
(this time with the correct fix)
|
||||||
|
|
||||||
3.0.0.0 (2008-09-27)
|
3.0.0.0 (2008-09-27)
|
||||||
+ [export] properly handle line breaks for YAML, thanks to Dan Barry -
|
+ [export] properly handle line breaks for YAML, thanks to Dan Barry -
|
||||||
@@ -96,7 +98,7 @@ danbarry
|
|||||||
+ [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
|
+ [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
|
||||||
- bug #2113848 [navi] Page number after database switching
|
- bug #2113848 [navi] Page number after database switching
|
||||||
- patch #2115966 [GUI] Checkboxes and IE 7, thanks to Martin - maschg
|
- patch #2115966 [GUI] Checkboxes and IE 7, thanks to Martin - maschg
|
||||||
- bug #114066 [core] ForceSSL generates incorrectly escaped redirections
|
- bug #1914066 [core] ForceSSL generates incorrectly escaped redirections
|
||||||
|
|
||||||
2.11.9.2 (2008-09-22)
|
2.11.9.2 (2008-09-22)
|
||||||
- [security] XSS in MSIE using NUL byte, thanks to JPCERT.
|
- [security] XSS in MSIE using NUL byte, thanks to JPCERT.
|
||||||
|
|||||||
@@ -534,7 +534,7 @@ if ($_SESSION['PMA_Config']->get('ForceSSL')
|
|||||||
PMA_sendHeaderLocation(
|
PMA_sendHeaderLocation(
|
||||||
preg_replace('/^http/', 'https',
|
preg_replace('/^http/', 'https',
|
||||||
$_SESSION['PMA_Config']->get('PmaAbsoluteUri'))
|
$_SESSION['PMA_Config']->get('PmaAbsoluteUri'))
|
||||||
. PMA_generate_common_url($_GET, '', '&'));
|
. PMA_generate_common_url($_GET, '&');
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -183,9 +183,13 @@ function PMA_getHiddenFields($values, $pre = '')
|
|||||||
* @uses implode()
|
* @uses implode()
|
||||||
* @param mixed assoc. array with url params or optional string with database name
|
* @param mixed assoc. array with url params or optional string with database name
|
||||||
* if first param is an array there is also an ? prefixed to the url
|
* if first param is an array there is also an ? prefixed to the url
|
||||||
* @param string optional table name only if first param is array
|
* @param string if first param is array: optional character to use
|
||||||
* @param string character to use instead of '&' for deviding
|
* instead of '&' for dividing URL parameters
|
||||||
* multiple URL parameters from each other
|
* else, optional table name
|
||||||
|
* @param string if first param is array: optional character to
|
||||||
|
* use instead of '?'
|
||||||
|
* else, optional character to use instead of '&'
|
||||||
|
* for dividing URL parameters
|
||||||
* @return string string with URL parameters
|
* @return string string with URL parameters
|
||||||
* @access public
|
* @access public
|
||||||
* @author nijel
|
* @author nijel
|
||||||
|
|||||||
Reference in New Issue
Block a user