Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8

ChangeLog

@@ -5,6 +5,7 @@ phpMyAdmin - ChangeLog
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
+- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
 
 3.4.3.0 (2011-06-27)
 - bug #3311170 [sync] Missing helper icons in Synchronize
@@ -94,7 +95,7 @@ phpMyAdmin - ChangeLog
 + patch #2974341 [structure] Clicking on table name in db Structure should 
   Browse the table if possible, thanks to bhdouglass - dougboybhd
 + patch #2975533 [search] New search operators, thanks to
-  Martynas Mickevičius
+  Martynas Mickevičius
 + patch #2967320 [designer] Colored relations based on the primary key,
   thanks to GreenRover - greenrover
 - [core] Provide way for vendors to easily change paths to config files.
@@ -248,7 +249,7 @@ phpMyAdmin - ChangeLog
 
 3.3.7.0 (2010-09-07)
 - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
-  a page size increase, thanks to Martin Schönberger - mad05
+  a page size increase, thanks to Martin Schönberger - mad05
 
 3.3.6.0 (2010-08-28)
 - bug #3033063 [core] Navi gets wrong db name
@@ -269,7 +270,7 @@ phpMyAdmin - ChangeLog
 
 3.3.5.0 (2010-07-26)
 - patch #2932113 [information_schema] Slow export when having lots of
-  databases, thanks to Stéphane Pontier - shadow_walker
+  databases, thanks to Stéphane Pontier - shadow_walker
 - bug #3022705 [import] Import button does not work in Catalan when there
   is no progress bar possible
 - bug [replication] Do not offer information_schema in the list of databases
@@ -309,9 +310,9 @@ phpMyAdmin - ChangeLog
 - patch #2984893 [engines] InnoDB storage page emits a warning,
   thanks to Madhura Jayaratne - madhuracj
 - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work,
-  thanks to Björn Wiberg - bwiberg
+  thanks to Björn Wiberg - bwiberg
 - bug #2983066 [interface] Flush table on table operations shows the query twice, 
-  thanks to Martynas Mickevičius - BlinK_
+  thanks to Martynas Mickevičius - BlinK_
 - bug #2983060, patch #2987900 [interface] Fix initial state of tables in
   designer, thanks to Sutharshan Balachandren.
 - bug #2983062, patch #2989408 [engines] Fix warnings when changing table
@@ -390,7 +391,7 @@ phpMyAdmin - ChangeLog
 + rfe #2839504 [engines] Support InnoDB plugin's new row formats 
 + [core] Added ability for synchronizing databases among servers.
 + [lang] #2843101 Dutch update, thanks to scavenger2008
-+ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
++ [lang] Galician update, thanks to Xosé Calvo - xosecalvo
 + [export] Added MediaWiki export module,
   thanks to Derek Schaefer - drummingds1
 + [lang] Turkish update, thanks to Burak Yavuz

libraries/display_tbl.lib.php

@@ -1308,7 +1308,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
             if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
 
                 if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
-                    $include_file = $GLOBALS['mime_map'][$meta->name]['transformation'];
+                    $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
 
                     if (file_exists('./libraries/transformations/' . $include_file)) {
                         $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);