From 44ace60f77ede6081e32e516bfd52d597d3f72a6 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Tue, 8 Feb 2011 08:15:01 -0500
Subject: [PATCH 1/4] PMASA-2011-1 fixes

---
 changelog.php | 18 ++++++++++++------
 license.php   | 11 ++++++++++-
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/changelog.php b/changelog.php
index 7b8c6f3ec..637efd105 100644
--- a/changelog.php
+++ b/changelog.php
@@ -15,13 +15,19 @@ require('./libraries/vendor_config.php');
 /**
  * Read changelog.
  */
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
-    ob_start();
-    readgzfile(CHANGELOG_FILE);
-    $changelog = ob_get_contents();
-    ob_end_clean();
+// Check if the Changelog file is available, some distributions remove these.
+if (is_readable(CHANGELOG_FILE)) {
+    if (substr(CHANGELOG_FILE, -3) == '.gz') {
+        ob_start();
+        readgzfile(CHANGELOG_FILE);
+        $changelog = ob_get_contents();
+        ob_end_clean();
+    } else {
+        $changelog = file_get_contents(CHANGELOG_FILE);
+    }
 } else {
-    $changelog = file_get_contents(CHANGELOG_FILE);
+    echo "The Changelog file is not available on this system, please visit www.phpmyadmin.net for more information.";
+    exit;
 }
 
 /**
diff --git a/license.php b/license.php
index 029461129..6d638781d 100644
--- a/license.php
+++ b/license.php
@@ -19,5 +19,14 @@ require('./libraries/vendor_config.php');
  *
  */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    readfile($filename);
+} else {
+    echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
+
 ?>

From 06081b8f78431716f398e726c42beaf8f1d20b5a Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Tue, 8 Feb 2011 08:17:36 -0500
Subject: [PATCH 2/4] 3.3.9.1 release

---
 ChangeLog                  | 3 +++
 Documentation.html         | 4 ++--
 README                     | 4 ++--
 libraries/Config.class.php | 2 +-
 translators.html           | 4 ++--
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a15b8fc20..d7e104f53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
+3.3.9.1 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
 3.3.9.0 (2011-01-03)
 - bug [doc] Fix references to MySQL doc
 - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand
diff --git a/Documentation.html b/Documentation.html
index 0a5cf5872..ad4e95133 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -10,7 +10,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.3.9 - Documentation</title>
+    <title>phpMyAdmin 3.3.9.1 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -18,7 +18,7 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
 <div id="header">
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.3.9 
+        3.3.9.1 
         Documentation
     </h1>
 </div>
diff --git a/README b/README
index 182b036c1..aeb211b08 100644
--- a/README
+++ b/README
@@ -5,8 +5,8 @@ phpMyAdmin - Readme
 
   A set of PHP-scripts to manage MySQL over the web.
 
-  Version 3.3.9
-  -------------
+  Version 3.3.9.1
+  ---------------
   http://www.phpmyadmin.net/
 
     Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com>
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 7e6460db4..89a80d20c 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -92,7 +92,7 @@ class PMA_Config
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '3.3.9');
+        $this->set('PMA_VERSION', '3.3.9.1');
         /**
          * @deprecated
          */
diff --git a/translators.html b/translators.html
index 6d2f09675..ebb9f5126 100644
--- a/translators.html
+++ b/translators.html
@@ -11,7 +11,7 @@
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>phpMyAdmin 3.3.9 - Official translators</title>
+    <title>phpMyAdmin 3.3.9.1 - Official translators</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -19,7 +19,7 @@
 <div id="header">
     <h1>
         <a href="http://www.phpmyadmin.net/">php<span class="myadmin">MyAdmin</span></a>
-        3.3.9 
+        3.3.9.1 
         official translators list
     </h1>
 </div>

From 4c8c7080a76b837ae55cdc5e010c793b389a671a Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Tue, 8 Feb 2011 08:19:20 -0500
Subject: [PATCH 3/4] PMASA-2011-1 fixes

---
 changelog.php | 18 ++++++++++++------
 license.php   | 11 ++++++++++-
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/changelog.php b/changelog.php
index 7b8c6f3ec..637efd105 100644
--- a/changelog.php
+++ b/changelog.php
@@ -15,13 +15,19 @@ require('./libraries/vendor_config.php');
 /**
  * Read changelog.
  */
-if (substr(CHANGELOG_FILE, -3) == '.gz') {
-    ob_start();
-    readgzfile(CHANGELOG_FILE);
-    $changelog = ob_get_contents();
-    ob_end_clean();
+// Check if the Changelog file is available, some distributions remove these.
+if (is_readable(CHANGELOG_FILE)) {
+    if (substr(CHANGELOG_FILE, -3) == '.gz') {
+        ob_start();
+        readgzfile(CHANGELOG_FILE);
+        $changelog = ob_get_contents();
+        ob_end_clean();
+    } else {
+        $changelog = file_get_contents(CHANGELOG_FILE);
+    }
 } else {
-    $changelog = file_get_contents(CHANGELOG_FILE);
+    echo "The Changelog file is not available on this system, please visit www.phpmyadmin.net for more information.";
+    exit;
 }
 
 /**
diff --git a/license.php b/license.php
index 029461129..6d638781d 100644
--- a/license.php
+++ b/license.php
@@ -19,5 +19,14 @@ require('./libraries/vendor_config.php');
  *
  */
 header('Content-type: text/plain; charset=iso-8859-1');
-readfile(LICENSE_FILE);
+
+$filename = LICENSE_FILE;
+
+// Check if the file is available, some distributions remove these.
+if (is_readable($filename)) {
+    readfile($filename);
+} else {
+    echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information.";
+}
+
 ?>

From 09b124c2723c5bf28404d800f7f8940d18cfc8dd Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Tue, 8 Feb 2011 08:20:20 -0500
Subject: [PATCH 4/4] ChangeLog for 3.3.9.1

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index a5226f5d2..6e88a8ada 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #3153409 [core] 0 row(s) affected 
 - bug #3155842 [core] Edit relational page and page number
 
+3.3.9.1 (2011-02-08)
+- [security] Path disclosure, see PMASA-2011-1
+
 3.3.9.0 (2011-01-03)
 - bug [doc] Fix references to MySQL doc
 - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand