From 46a1afb372782533d8b04d72ae4b9b13a1248c0a Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Mon, 3 Oct 2011 12:34:18 -0400
Subject: [PATCH 1/2] Preparing for 3.4.6-rc1

---
 Documentation.html         | 4 ++--
 README                     | 2 +-
 libraries/Config.class.php | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Documentation.html b/Documentation.html
index dd5c999e6..645f86e70 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -9,7 +9,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.4.6-dev - Documentation</title>
+    <title>phpMyAdmin 3.4.6-rc1 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -17,7 +17,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
 <div id="header">
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.4.6-dev
+        3.4.6-rc1
         Documentation
     </h1>
 </div>
diff --git a/README b/README
index 4c822292c..e94403e94 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 3.4.6-dev
+Version 3.4.6-rc1
 
 A set of PHP-scripts to manage MySQL over the web.
 
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 4cc23154b..77da8dd52 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -96,7 +96,7 @@ class PMA_Config
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '3.4.6-dev');
+        $this->set('PMA_VERSION', '3.4.6-rc1');
         /**
          * @deprecated
          */

From e05b37d3c9e5b99e8a779fe55780d92df17b4a55 Mon Sep 17 00:00:00 2001
From: Dieter Adriaenssens <ruleant@users.sourceforge.net>
Date: Mon, 3 Oct 2011 20:38:36 +0200
Subject: [PATCH 2/2] Fixed local path disclosure vulnerability, see
 PMASA-2011-15

---
 ChangeLog          | 1 +
 phpmyadmin.css.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 239796fb2..b8c33cb8c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
 - bug #3414744 [core] External link fails in 3.4.5
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
+- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
 
 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php
index 2275c97ff..b3cfecc2b 100644
--- a/phpmyadmin.css.php
+++ b/phpmyadmin.css.php
@@ -9,7 +9,7 @@
  *
  */
 // sometimes, we lose $_REQUEST['js_frame']
-define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' : $_REQUEST['js_frame']);
+define('PMA_FRAME', (! empty($_REQUEST['js_frame']) && is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] : 'right');
 
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';