diff --git a/ChangeLog b/ChangeLog index 144db1983..b3f44d9de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - bug #1807923 [login] Login with html entities in password fails - [core] Undefined variable when creating a table that exists +2.11.1.1 (not yet released) +- bug #1810629 [setup] XSS in setup.php + 2.11.1.0 (2007-09-20) - bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version diff --git a/scripts/setup.php b/scripts/setup.php index 4fe497154..981dae639 100644 --- a/scripts/setup.php +++ b/scripts/setup.php @@ -1395,7 +1395,7 @@ switch ($action) { } else { mysql_close($conn); } - } else { + } else { $socket = empty($new_server['socket']) || $new_server['connect_type'] == 'tcp' ? NULL : $new_server['socket']; $port = empty($new_server['port']) || $new_server['connect_type'] == 'socket' ? NULL : $new_server['port']; $conn = @mysqli_connect($new_server['host'], $new_server['controluser'], $new_server['controlpass'], NULL, $port, $socket); @@ -1951,12 +1951,16 @@ switch ($action) { if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) { $redir = ''; } else { - $redir = ' If your server is also configured to accept HTTPS request follow this link to use secure connection.'; + $redir = ' If your server is also configured to accept HTTPS request' + . ' follow this link to use secure connection.'; } message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection'); } break; } +echo $_SERVER['REQUEST_URI']; // Should we show information? if ($show_info) {
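Review bot: The added `echo $_SERVER['REQUEST_URI'];` at the end of the `@@ -1951,12 +1951,16 @@` hunk in scripts/setup.php writes the request URI into the response with no escaping, which is the same kind of reflected output the ChangeLog entry "XSS in setup.php" says this commit fixes. It sits after the switch closes and is unrelated to the warning message, so it looks like a leftover debugging statement, although that is inferred. Drop the line, or if the value really has to be shown, emit it as `echo htmlspecialchars($_SERVER['REQUEST_URI']);`. The reworked `$redir` string as shown on this page contains no visible escaping of `HTTP_HOST` or `REQUEST_URI`, but the page seems to have lost the link markup from that string, so please confirm against the real file that the link target goes through `htmlspecialchars()`. The enclosing `switch ($action)` starts outside the hunk.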