blob: 1e6bcbda52fb4077dcb6fbbf2dcff305f7685f54 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Sat, 14 Nov 2015 02:01:54 -0500
Subject: [PATCH] Port content spoofing fix
Backport upstream commit for fixing CVE-2015-7873:
https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
Upstream-Status: Backport
Signed-off-by: Marc Delisle <marc@infomarc.info>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
ChangeLog | 4 ++++
url.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4cb6708..96936c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
- issue #11448 Clarify doc about the MemoryLimit directive
- issue #11489 Cannot copy a database under certain conditions
+4.4.15.1 (2015-10-23)
+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
+- issue [security] Content spoofing on url.php
+
4.4.15.0 (not yet released)
- issue #11411 Undefined "replace" function on numeric scalar
- issue #11421 Stored-proc / routine - broken parameter parsing
diff --git a/url.php b/url.php
index eec78a5..9c4c884 100644
--- a/url.php
+++ b/url.php
@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
}
</script>";
// Display redirecting msg on screen.
- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
+ // Do not display the value of $_REQUEST['url'] to avoid showing injected content
+ echo __('Taking you to the target site.');
}
die();
--
1.9.1
|
