diff --git a/ChangeLog b/ChangeLog
index a1ebd5ea0..e242164f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -89,6 +89,11 @@ danbarry - bug [history] Do not save too big queries in history - [security] Do not show version info on login screen +2.11.7.1 (2008-07-15) +- bug [security] XSRF/CSRF by manipulating the db, + convcharset and collation_connection parameters, + thanks to YGN Ethical Hacker Group + 2.11.7.0 (2008-06-23) - bug #1908719 [interface] New field cannot be auto-increment and primary key - [dbi] Incorrect interpretation for some mysqli field flags
@@ -279,7 +284,6 @@ danbarry - bug #1810629 [setup] XSS in setup.php, thanks to Omer Singer, The DigiTrust Group 2.11.1.0 (2007-09-20) - - bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version - bug #1780098 [GUI] Logout causes CSS loss, thanks to Juergen Wind . incorrect field ids, thanks to Michael Keck
@@ -298,7 +302,6 @@ danbarry - bug #1798627 [GUI] Wrong storage engine displayed 2.11.0.0 (2007-08-21) - + [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1 + improved PHP 6 compatibility - bug #1674914 [structure] changing definition of a TIMESTAMP field
@@ -397,7 +400,6 @@ danbarry - bug #1771721 Old SVN URLs 2.10.3.0 (2007-07-20) - - bug #1734285 Copy database with VIEWs - bug #1722502 DROP TABLE in export VIEW - bug #1729027 Sorting results of VIEW browsing
@@ -411,7 +413,6 @@ danbarry - Do not try to delete an internal relation if we just deleted an InnoDB one 2.10.2.0 (2007-06-15) - + [data] display all warnings, not only last one - typo in fix for bug #1671813 - bug #1714908 Inserted Row Count is wrong
@@ -434,8 +435,6 @@ danbarry - patch #1731280 Avoid negative exponent in gmp_pow(), thanks to anosek 2.10.1.0 (2007-04-23) -===================== - - bug #1541147 [js] '#' in database names not correctly handled by queywindow.js - bug #1671403 [parser] using "client" as table name - bug #1672379 [core] Call to undefined function PMA_removeCookie() 
@@ -468,19 +467,13 @@ danbarry - bug #1704467 XSS vulnerability in browse_foreigners.php, thanks to sp3x SecurityReason 2.10.0.2 (2007-03-02) -===================== - + bug #1671813 CVE-2006-1549 deep recursion crash 2.10.0.1 (2007-03-01) -===================== - . [config] set $cfg['Servers'][$i]['ssl'] default value to false, we got reports from some users having problems with the default value of true 2.10.0.0 (2007-02-28) -===================== - - bug #1659176 [general] memory error displaying a table with large BLOBs - bug #1668662 [install] can create the new pma_designer_coords table + [gui] navi logo now links to main page by default, with still the possibility
diff --git a/Documentation.html b/Documentation.html
index 389bd4774..0dd544407 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -2764,7 +2764,8 @@ SetInputFilter PHP 1.34 Can I access directly to database or table pages?
Yes. Out of the box, you can use URLs like
- http://server/phpMyAdmin/index.php?db=database&table=table&target=script.
+http://server/phpMyAdmin/index.php?server=X&db=database&table=table&target=script. For server you use the server number which refers to
+the order of the server paragraph in config.inc.php.
Table and script parts are optional. If you want
http://server/phpMyAdmin/database[/table][/script] URLs, you need to do
some configuration. Following lines apply only for addParam($db);
+ $message->addParam($new_db);
+ $GLOBALS['db'] = $new_db;
require_once './libraries/header.inc.php';
require_once './' . $cfg['DefaultTabDatabase'];
diff --git a/index.php b/index.php
index 007fb5296..4ea0a4f36 100644
--- a/index.php
+++ b/index.php
@@ -124,6 +124,7 @@ header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
var server = '';
var table = '';
var db = '';
+ var token = '';
var text_dir = '';
var pma_absolute_uri = '';
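Review bot: `var token = '';` on the added line is the frame-global that refreshMain() and refreshNavigation() in js/common.js read, but nothing in this hunk says where it gets its real value, so the empty default reads like an oversight. A one-line comment would settle it: `var token = ''; // CSRF token, filled in by setAll() from libraries/footer.inc.php`. Until setAll() has run, any navigation built from this value presumably carries an empty token and is rejected by the token check in libraries/common.inc.php, so it is worth confirming that no refresh can be triggered before the footer script executes.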
diff --git a/js/common.js b/js/common.js
index 99c43fb92..a8c4115c6 100644
--- a/js/common.js
+++ b/js/common.js
@@ -147,6 +147,7 @@ function setTable(new_table) {
*
* @uses goTo()
* @uses opendb_url
+ * @uses token
* @uses db
* @uses server
* @uses table
@@ -165,6 +166,7 @@ function refreshMain(url) {
}
//alert(db);
goTo(url + '?server=' + encodeURIComponent(server) +
+ '&token=' + encodeURIComponent(token) +
'&db=' + encodeURIComponent(db) +
'&table=' + encodeURIComponent(table) +
'&lang=' + encodeURIComponent(lang) +
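Review bot: The added `'&token=' + encodeURIComponent(token)` places the session CSRF token in a GET query string, where it ends up in browser history, in Referer headers sent to any external link, and in web-server or proxy access logs; refreshNavigation() in the hunk below does the same. The token is session-bound (libraries/common.inc.php compares it with `$_SESSION[' PMA_token ']`), so the exposure ends with the session, but that trade-off should be stated next to the goTo() call: `// token is the per-session CSRF token; as a GET parameter it appears in logs, history and Referer headers`. refreshMain() begins outside this hunk.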
@@ -176,6 +178,7 @@ function refreshMain(url) {
* reloads navigation frame
*
* @uses goTo()
+ * @uses token
* @uses db
* @uses server
* @uses table
@@ -185,6 +188,7 @@ function refreshMain(url) {
*/
function refreshNavigation() {
goTo('navigation.php?server=' + encodeURIComponent(server) +
+ '&token=' + encodeURIComponent(token) +
'&db=' + encodeURIComponent(db) +
'&table=' + encodeURIComponent(table) +
'&lang=' + encodeURIComponent(lang) +
@@ -258,8 +262,8 @@ function markDbTable(db, table)
/**
* sets current selected server, table and db (called from libraries/footer.inc.php)
*/
-function setAll( new_lang, new_collation_connection, new_server, new_db, new_table ) {
- //alert('setAll( ' + new_lang + ', ' + new_collation_connection + ', ' + new_server + ', ' + new_db + ', ' + new_table + ' )');
+function setAll( new_lang, new_collation_connection, new_server, new_db, new_table, new_token ) {
+ //alert('setAll( ' + new_lang + ', ' + new_collation_connection + ', ' + new_server + ', ' + new_db + ', ' + new_table + ', ' + new_token + ' )');
if (new_server != server || new_lang != lang
|| new_collation_connection != collation_connection) {
// something important has changed
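Review bot: The docblock just above the changed signature still says `sets current selected server, table and db` and does not mention the new `new_token` parameter. Suggest `* sets current selected lang, collation, server, db, table and token (called from libraries/footer.inc.php)`, or a proper @param list for all six arguments. The commit also extends the commented-out alert() on the next line so that it would print the token; dead debugging code that would display the CSRF token if someone re-enables it is better deleted than maintained.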
@@ -268,6 +272,7 @@ function setAll( new_lang, new_collation_connection, new_server, new_db, new_tab
table = new_table;
collation_connection = new_collation_connection;
lang = new_lang;
+ token = new_token;
refreshNavigation();
} else if (new_db != db || new_table != table) {
// save new db and table
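Review bot: `token = new_token;` is assigned only inside the "something important has changed" branch, which is entered when server, lang or collation_connection differ; a call where only the token changed (for example after a new session) would leave the stale value in the frame-global, and every later refreshMain()/refreshNavigation() would send it. Unless the `else if` branch below, whose body lies outside this hunk, also assigns it, move the assignment above the `if` so it is unconditional: `token = new_token;` before `if (new_server != server || new_lang != lang`. setAll() continues past the end of this hunk.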
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 0e15240ed..91cbcf131 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -399,7 +399,10 @@ if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['
* List of parameters which are allowed from unsafe source
*/
$allow_list = array(
- 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',
+ /* needed for direct access, see FAQ 1.34
+ * also, server needed for cookie login screen (multi-server)
+ */
+ 'server', 'db', 'table', 'target',
/* Session ID */
'phpMyAdmin',
/* Cookie preferences */
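Review bot: The new allow list drops `lang` together with `convcharset` and `collation_connection`, but the added comment only explains why server, db, table and target stay, and the ChangeLog entry in this commit names only db, convcharset and collation_connection. Record the removal where a maintainer will look for it, e.g. extend the comment with ` * lang, convcharset and collation_connection are no longer accepted without a valid token` and mention lang in the ChangeLog. `target` is still accepted from an unsafe source without a rationale in the comment; whatever validates it before use is outside this hunk, so a pointer to that check would help the next reader. The `$allow_list` array continues past the end of the hunk.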
diff --git a/libraries/display_create_database.lib.php b/libraries/display_create_database.lib.php
index 2b4e9520e..7bf4e613b 100644
--- a/libraries/display_create_database.lib.php
+++ b/libraries/display_create_database.lib.php
@@ -21,7 +21,7 @@ if ($is_create_db_priv) {
' . $strCreateNewDatabase . ' ' . PMA_showMySQLDocu('SQL-Syntax', 'CREATE_DATABASE'); ?>
-
+
');
+ echo PMA_escapeJsString(PMA_ifSetOr($GLOBALS['table'], '')) . "', '";
+ echo PMA_escapeJsString($_SESSION[' PMA_token ']);?>');
}