| From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001 |
| From: Wenzong Fan <wenzong.fan@windriver.com> |
| Date: Sat, 14 Nov 2015 02:01:54 -0500 |
| Subject: [PATCH] Port content spoofing fix |
| |
| Backport upstream commit for fixing CVE-2015-7873: |
| https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 |
| |
| Upstream-Status: Backport |
| |
| Signed-off-by: Marc Delisle <marc@infomarc.info> |
| Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> |
| --- |
| ChangeLog | 4 ++++ |
| url.php | 3 ++- |
| 2 files changed, 6 insertions(+), 1 deletion(-) |
| |
| diff --git a/ChangeLog b/ChangeLog |
| index 4cb6708..96936c8 100644 |
| --- a/ChangeLog |
| +++ b/ChangeLog |
| @@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog |
| - issue #11448 Clarify doc about the MemoryLimit directive |
| - issue #11489 Cannot copy a database under certain conditions |
| |
| +4.4.15.1 (2015-10-23) |
| +- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system |
| +- issue [security] Content spoofing on url.php |
| + |
| 4.4.15.0 (not yet released) |
| - issue #11411 Undefined "replace" function on numeric scalar |
| - issue #11421 Stored-proc / routine - broken parameter parsing |
| diff --git a/url.php b/url.php |
| index eec78a5..9c4c884 100644 |
| --- a/url.php |
| +++ b/url.php |
| @@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url']) |
| } |
| </script>"; |
| // Display redirecting msg on screen. |
| - printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url'])); |
| + // Do not display the value of $_REQUEST['url'] to avoid showing injected content |
| + echo __('Taking you to the target site.'); |
| } |
| die(); |
| -- |
| 1.9.1 |
| |