fixed bug #1810629 XSS in setup.php

Sebastian Mendel
2007-10-10 07:30:59 +00:00
parent 86b1e3032b
commit 96942edcce
2 changed files with 9 additions and 2 deletions


@@ -22,6 +22,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1807923 [login] Login with html entities in password fails
- [core] Undefined variable when creating a table that exists
2.11.1.1 (not yet released)
- bug #1810629 [setup] XSS in setup.php
2.11.1.0 (2007-09-20)
- bug #1783667 [export] NO_AUTO_VALUE_ON_ZERO and MySQL version


@@ -1951,12 +1951,16 @@ switch ($action) {
if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
$redir = '';
} else {
$redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
$redir = ' If your server is also configured to accept HTTPS request'
. ' follow <a href="https://'
. htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
. '">this link</a> to use secure connection.';
}
message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
}
break;
}
echo $_SERVER['REQUEST_URI'];
// Should we show information?
if ($show_info) {
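Review bot: The statement `echo $_SERVER['REQUEST_URI'];` just after the switch's closing brace writes the raw request URI into the page without escaping, which is the same reflected-XSS pattern this commit fixes in the HTTPS link. It looks like a leftover debugging line and should be dropped, or at minimum written as `echo htmlspecialchars($_SERVER['REQUEST_URI']);`. The +/- markers are lost on this page, so whether the line was added here is inferred from the hunk header and diffstat; either way it is present in the new code. The enclosing `switch ($action)` starts before the hunk and the `if ($show_info)` block continues past it.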