- fixed XSS in server_status.php, thanks to Omer Singer, The DigiTrust Group

- fixed some possible XSS with PHP_SELF (PATH_INFO)

server_status.php

@@ -267,11 +267,8 @@ $sections = array(
 // variable or section name => (name => url)
 $links = array();
 
-// because of PMA_NO_VARIABLES_IMPORT, the $PHP_SELF globalized by
-// grab_globals is not available here when register_globals = Off
-// and in some situations, $_SERVER['PHP_SELF'] is not defined
 $links['table'][$strFlushTables]
-    = PMA_getenv('PHP_SELF') . '?flush=TABLES&' . PMA_generate_common_url();
+    = $PMA_PHP_SELF . '?flush=TABLES&' . PMA_generate_common_url();
 $links['table'][$strShowOpenTables]
     = 'sql.php?sql_query=' . urlencode('SHOW OPEN TABLES') .
       '&goto=server_status.php&' . PMA_generate_common_url();
@@ -286,7 +283,7 @@ $links['repl']['MySQL - ' . $strDocu]
     = $cfg['MySQLManualBase'] . '/replication.html';
 
 $links['qcache'][$strFlushQueryCache]
-    = PMA_getenv('PHP_SELF') . '?flush=' . urlencode('QUERY CACHE') . '&' .
+    = $PMA_PHP_SELF . '?flush=' . urlencode('QUERY CACHE') . '&' .
       PMA_generate_common_url();
 $links['qcache']['MySQL - ' . $strDocu]
     = $cfg['MySQLManualBase'] . '/query-cache.html';
@@ -345,10 +342,10 @@ $hour_factor    = 3600 / $server_status['Uptime'];
 ?>
 <div id="statuslinks">
     <a href="<?php echo
-        PMA_getenv('PHP_SELF') . '?' . PMA_generate_common_url(); ?>"
+        $PMA_PHP_SELF . '?' . PMA_generate_common_url(); ?>"
        ><?php echo $strRefresh; ?></a>
     <a href="<?php echo
-        PMA_getenv('PHP_SELF') . '?flush=STATUS&amp;' . PMA_generate_common_url(); ?>"
+        $PMA_PHP_SELF . '?flush=STATUS&amp;' . PMA_generate_common_url(); ?>"
        ><?php echo $strShowStatusReset; ?></a>
     <a href="<?php echo
         $cfg['MySQLManualBase']; ?>/server-status-variables.html"
@@ -367,7 +364,7 @@ echo sprintf($strServerStatusUptime,
 <?php
 foreach ($sections as $section_name => $section) {
     if (! empty($section['vars']) && ! empty($section['title'])) {
-        echo '<a href="' . PMA_getenv('PHP_SELF') . '?' .
+        echo '<a href="' . $PMA_PHP_SELF . '?' .
              PMA_generate_common_url() . '#' . $section_name . '">' .
              $section['title'] . '</a>' . "\n";
     }
@@ -586,7 +583,7 @@ foreach ($sections as $section_name => $section) {
     <table class="data" id="serverstatussection<?php echo $section_name; ?>">
     <caption class="tblHeaders">
         <a class="top"
-           href="<?php echo PMA_getenv('PHP_SELF') . '?' .
+           href="<?php echo $PMA_PHP_SELF . '?' .
                  PMA_generate_common_url() . '#serverstatus'; ?>"
            name="<?php echo $section_name; ?>"><?php echo $strPos1; ?>
             <?php echo