fixed bug #1810629 XSS in setup.php
This commit is contained in:
Sebastian Mendel
@@ -22,6 +22,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
||||
- bug #1807923 [login] Login with html entities in password fails
|
||||
- [core] Undefined variable when creating a table that exists
|
||||
|
||||
2.11.1.1 (not yet released)
|
||||
- bug #1810629 [setup] XSS in setup.php
|
||||
|
||||
2.11.1.0 (2007-09-20)
|
||||
|
||||
- bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version
|
||||
|
||||
@@ -1395,7 +1395,7 @@ switch ($action) {
|
||||
} else {
|
||||
mysql_close($conn);
|
||||
}
|
||||
} else {
|
||||
} else {
|
||||
$socket = empty($new_server['socket']) || $new_server['connect_type'] == 'tcp' ? NULL : $new_server['socket'];
|
||||
$port = empty($new_server['port']) || $new_server['connect_type'] == 'socket' ? NULL : $new_server['port'];
|
||||
$conn = @mysqli_connect($new_server['host'], $new_server['controluser'], $new_server['controlpass'], NULL, $port, $socket);
|
||||
@@ -1951,12 +1951,16 @@ switch ($action) {
|
||||
if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
|
||||
$redir = '';
|
||||
} else {
|
||||
$redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
|
||||
$redir = ' If your server is also configured to accept HTTPS request'
|
||||
. ' follow <a href="https://'
|
||||
. htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
|
||||
. '">this link</a> to use secure connection.';
|
||||
}
|
||||
message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
|
||||
}
|
||||
break;
|
||||
}
|
||||
echo $_SERVER['REQUEST_URI'];
|
||||
|
||||
// Should we show information?
|
||||
if ($show_info) {
|
||||
|
||||
Reference in New Issue
Block a user