diff --git a/ChangeLog b/ChangeLog
index af9b79cb1..110f36338 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
- bug #3486970 [import] Exception on XML import
- bug #3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names in navigation
+3.4.10.1 (2012-02-18)
+- [security] XSS in replication setup, see PMASA-2012-1
+
3.4.10.0 (2012-02-14)
- bug #3460090 [interface] TextareaAutoSelect feature broken
- patch #3375984 [export] PHP Array export might generate invalid php code
diff --git a/js/replication.js b/js/replication.js
index 1a7c785b0..3ea119a97 100644
--- a/js/replication.js
+++ b/js/replication.js
@@ -5,7 +5,7 @@
*/
var random_server_id = Math.floor(Math.random() * 10000000);
-var conf_prefix = "server-id=" + random_server_id + "
log-bin=mysql-bin
log-error=mysql-bin.err
";
+var conf_prefix = "server-id=" + random_server_id + "\nlog-bin=mysql-bin\nlog-error=mysql-bin.err\n";
function update_config() {
var conf_ignore = "binlog_ignore_db=";
@@ -16,16 +16,16 @@ function update_config() {
});
if ($('#db_select option:selected').size() == 0) {
- $('#rep').html(conf_prefix);
+ $('#rep').text(conf_prefix);
} else if ($('#db_type option:selected').val() == 'all') {
- $('#rep').html(conf_prefix + conf_ignore + database_list);
+ $('#rep').text(conf_prefix + conf_ignore + database_list);
} else {
- $('#rep').html(conf_prefix + conf_do + database_list);
+ $('#rep').text(conf_prefix + conf_do + database_list);
}
}
$(document).ready(function() {
- $('#rep').html(conf_prefix);
+ $('#rep').text(conf_prefix);
$('#db_type').change(update_config);
$('#db_select').change(update_config);