[security] Fixed XSS in setup (host parameter), see PMASA-2011-16
This commit is contained in:
Dieter Adriaenssens
@@ -21,7 +21,7 @@ phpMyAdmin - ChangeLog
|
||||
- patch #3314626 [display] CharTextareaRows is not respected
|
||||
- bug #3417089 [synchronize] Extraneous db choices
|
||||
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
|
||||
- [security] Fixed XSS in setup (verbose parameter)
|
||||
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
|
||||
|
||||
3.4.5.0 (2011-09-14)
|
||||
- bug #3375325 [interface] Page list in navigation frame looks odd
|
||||
|
||||
@@ -26,7 +26,7 @@ $server_exists = !empty($id) && $cf->get("Servers/$id") !== null;
|
||||
|
||||
if ($mode == 'edit' && $server_exists) {
|
||||
$page_title = __('Edit server')
|
||||
. ' ' . $id . ' <small>(' . $cf->getServerDSN($id) . ')</small>';
|
||||
. ' ' . $id . ' <small>(' . htmlspecialchars($cf->getServerDSN($id)) . ')</small>';
|
||||
} elseif ($mode == 'remove' && $server_exists) {
|
||||
$cf->removeServer($id);
|
||||
header('Location: index.php');
|
||||
@@ -45,4 +45,4 @@ foreach ($forms['Servers'] as $form_name => $form) {
|
||||
$form_display->registerForm($form_name, $form, $id);
|
||||
}
|
||||
process_formset($form_display);
|
||||
?>
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user