From 47744bcdda98944c9ae278162de0f173883fe700 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 20 Nov 2007 12:55:14 +0000 Subject: [PATCH] bug #1835123 [security] fixed XSS vulnerability on login page, thanks to Tim Brown (Nth Dimension) for the advisory and to Sebastian for the fix --- ChangeLog | 5 +++++ libraries/auth/cookie.auth.lib.php | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3a9011b75..ac9dbb875 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,11 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ +2.11.2.2 (2007-11-20) +- bug #1835123 [security] fixed XSS vulnerability on login page, + thanks to Tim Brown (Nth Dimension) for the advisory + and to Sebastian for the fix + 2.11.2.1 (2007-11-11) - fixed possible SQL injection using database name - fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php index aa80737b4..7665e3e91 100644 --- a/libraries/auth/cookie.auth.lib.php +++ b/libraries/auth/cookie.auth.lib.php @@ -233,7 +233,7 @@ if (top != self) {
- + ' . "\n";
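Review bot: The replaced output line in libraries/auth/cookie.auth.lib.php (hunk -233,7 +233,7) gets no comment saying that its escaping is the security fix for bug #1835123, so a later edit to the login page markup could drop it unnoticed. I would add one line above the statement, for example `// value is echoed into the login page: keep it HTML-escaped (bug #1835123)`. The markup of the removed and added lines did not survive in this copy, so the escaping call itself cannot be checked here. When confirming it in the repository, check that it also escapes the delimiting quote character if the value is written inside a quoted attribute. The statement containing the changed line starts and ends outside what is visible in the hunk.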