nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed bug #1810629 XSS in setup.php

Browse Source
This commit is contained in:
Sebastian Mendel
2007-10-10 07:30:59 +00:00
parent a915e18bd1
commit 75a9c28807
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -18,6 +18,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1807923 [login] Login with html entities in password fails - bug #1807923 [login] Login with html entities in password fails
- [core] Undefined variable when creating a table that exists - [core] Undefined variable when creating a table that exists
2.11.1.1 (not yet released)
- bug #1810629 [setup] XSS in setup.php
2.11.1.0 (2007-09-20) 2.11.1.0 (2007-09-20)
- bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version - bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version

5
scripts/setup.php
View File

@@ -1951,7 +1951,10 @@ switch ($action) {
if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) { if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
$redir = ''; $redir = '';
} else { } else {
$redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.'; $redir = ' If your server is also configured to accept HTTPS request'
. ' follow <a href="https://'
. htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
. '">this link</a> to use secure connection.';
} }
message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection'); message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
} }