File: 031_CVE-2007-5386.patch

phpmyadmin 4%3A2.9.1.1-13
  • area: main
  • in suites: etch
  • size: 13,324 kB
  • ctags: 119,177
  • sloc: php: 148,860; sh: 645; sql: 224; perl: 142
--- phpmyadmin-2.9.1.1.orig/scripts/setup.php	2006-11-19 01:28:45.000000000 +0100
+++ phpmyadmin-2.9.1.1/scripts/setup.php	2007-11-07 14:44:58.000000000 +0100
@@ -1854,7 +1854,9 @@
             if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
                 $redir = '';
             } else {
-                $redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
+                $redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' .
+                    htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) .
+                    '">this link</a> to use secure connection.';
             }
             message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
         }
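Review bot: The new `htmlspecialchars()` call on the `$redir` line relies on the function's defaults, which convert double quotes but leave single quotes alone. That is enough for the double-quoted `href` as written, but the protection then depends on the quoting style of the anchor never changing. Passing the flag explicitly, `htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ENT_QUOTES) .`, removes that dependency. Separately, the link target is still built from the client-supplied `Host` header, so escaping stops markup injection but does not guarantee the link points at this server. A short comment such as `// HTTP_HOST and REQUEST_URI are client-controlled; escaped for the href attribute only` would record that limit. The enclosing function and `message()` lie outside the hunk, so how `message()` treats the HTML it is given cannot be confirmed from here.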