[security] XSS in a Designer component

ChangeLog

@@ -9,6 +9,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - [lang] Italian update, thanks to Luca and fantu
 - bug #2107583 [GUI] Leading newline truncated, thanks to Isart Montane
 
+3.0.1.1 (2008-10-30)
+- [security] XSS in a Designer component 
+
 3.0.1.0 (2008-10-22)
 - bug #2134126 [GUI] SQL error after sorting a subset
 + [lang] Catalan update, thanks to Xavier Navarro
@@ -119,6 +122,9 @@ danbarry
 - patch #2115966 [GUI] Checkboxes and IE 7, thanks to Martin - maschg 
 - bug #1914066 [core] ForceSSL generates incorrectly escaped redirections
 
+2.11.9.3 (2008-10-30)
+- [security] XSS in a Designer component 
+
 2.11.9.2 (2008-09-22)
 - [security] XSS in MSIE using NUL byte, thanks to JPCERT.
 

pmd_pdf.php

@@ -61,7 +61,8 @@ require_once './libraries/header_meta_style.inc.php';
 <body>
 <br>
 <div>
-  <form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
+  <form name="form1" method="post" action="pmd_pdf.php">
+<?php echo PMA_generate_common_hidden_inputs($db); ?>
     <div>
     <fieldset><legend><?php echo $GLOBALS['strExport'] . '/' . $GLOBALS['strImport']; ?></legend>
     <p><?php echo $strExportImportToScale; ?>: