From 86073d532aed656550cb731aa5b4288b126ae7a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Thu, 16 Feb 2012 15:22:42 +0100
Subject: [PATCH 1/2] Do not put database names as html
---
 js/replication.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/js/replication.js b/js/replication.js
index 1a7c785b0..3ea119a97 100644
--- a/js/replication.js
+++ b/js/replication.js
@@ -5,7 +5,7 @@
 */
 var random_server_id = Math.floor(Math.random() * 10000000);
-var conf_prefix = "server-id=" + random_server_id + "
log-bin=mysql-bin
log-error=mysql-bin.err
";
+var conf_prefix = "server-id=" + random_server_id + "\nlog-bin=mysql-bin\nlog-error=mysql-bin.err\n";
 function update_config() {
 var conf_ignore = "binlog_ignore_db=";
@@ -16,16 +16,16 @@ function update_config() {
 });
 if ($('#db_select option:selected').size() == 0) {
- $('#rep').html(conf_prefix);
+ $('#rep').text(conf_prefix);
 } else if ($('#db_type option:selected').val() == 'all') {
- $('#rep').html(conf_prefix + conf_ignore + database_list);
+ $('#rep').text(conf_prefix + conf_ignore + database_list);
 } else {
- $('#rep').html(conf_prefix + conf_do + database_list);
+ $('#rep').text(conf_prefix + conf_do + database_list);
 }
 }
 $(document).ready(function() {
- $('#rep').html(conf_prefix);
+ $('#rep').text(conf_prefix);
 $('#db_type').change(update_config);
 $('#db_select').change(update_config);
From 9c8c9e88fca471d63c9c3d0d50575c908b243303 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Sat, 18 Feb 2012 07:12:50 -0500
Subject: [PATCH 2/2] [security] XSS in replication setup, see PMASA-2012-1
---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 4aee1d185..40614885d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
 phpMyAdmin - ChangeLog
 ======================
+3.4.10.1 (2012-02-18)
+- [security] XSS in replication setup, see PMASA-2012-1
+
 3.4.10.0 (2012-02-14)
 - bug #3460090 [interface] TextareaAutoSelect feature broken
 - patch #3375984 [export] PHP Array export might generate invalid php code
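Review bot: The new `conf_prefix` in the first hunk of js/replication.js relies on `\n` for its line breaks, and `.text()` only shows those as separate lines if `#rep` preserves whitespace (a `<pre>`, a `<textarea>`, or `white-space: pre` styling). The markup for `#rep` is not part of this patch, so that should be confirmed. If it is a plain block element, the three settings will run together on one line, and someone may be tempted to restore `<br />` together with `.html()`. A comment above the declaration would record the constraint, for example `// plain-text newlines: #rep is filled with .text(), never .html()`.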
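Review bot: Nothing at the four `$('#rep').text(...)` call sites in the second hunk of js/replication.js records why `.text()` is required, so a later cleanup could switch back to `.html()` and reopen the XSS this series fixes. `database_list` is built earlier in `update_config`, outside this hunk, presumably from the `#db_select` options, so the database names in it should be treated as untrusted. I would add above the first branch `// database names are untrusted: write with .text() so they are never parsed as markup`. Separately, the output looks intended for pasting into a server config file, and the hunk does not show whether a name containing a line break or comma is filtered before it reaches `database_list`; that is worth checking.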