| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001 |
| 2 | From: Wenzong Fan <wenzong.fan@windriver.com> |
| 3 | Date: Sat, 14 Nov 2015 02:01:54 -0500 |
| 4 | Subject: [PATCH] Port content spoofing fix |
| 5 | |
| 6 | Backport upstream commit for fixing CVE-2015-7873: |
| 7 | https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 |
| 8 | |
| 9 | Upstream-Status: Backport |
| 10 | |
| 11 | Signed-off-by: Marc Delisle <marc@infomarc.info> |
| 12 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> |
| 13 | --- |
| 14 | ChangeLog | 4 ++++ |
| 15 | url.php | 3 ++- |
| 16 | 2 files changed, 6 insertions(+), 1 deletion(-) |
| 17 | |
| 18 | diff --git a/ChangeLog b/ChangeLog |
| 19 | index 4cb6708..96936c8 100644 |
| 20 | --- a/ChangeLog |
| 21 | +++ b/ChangeLog |
| 22 | @@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog |
| 23 | - issue #11448 Clarify doc about the MemoryLimit directive |
| 24 | - issue #11489 Cannot copy a database under certain conditions |
| 25 | |
| 26 | +4.4.15.1 (2015-10-23) |
| 27 | +- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system |
| 28 | +- issue [security] Content spoofing on url.php |
| 29 | + |
| 30 | 4.4.15.0 (not yet released) |
| 31 | - issue #11411 Undefined "replace" function on numeric scalar |
| 32 | - issue #11421 Stored-proc / routine - broken parameter parsing |
| 33 | diff --git a/url.php b/url.php |
| 34 | index eec78a5..9c4c884 100644 |
| 35 | --- a/url.php |
| 36 | +++ b/url.php |
| 37 | @@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url']) |
| 38 | } |
| 39 | </script>"; |
| 40 | // Display redirecting msg on screen. |
| 41 | - printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url'])); |
| 42 | + // Do not display the value of $_REQUEST['url'] to avoid showing injected content |
| 43 | + echo __('Taking you to the target site.'); |
| 44 | } |
| 45 | die(); |
| 46 | -- |
| 47 | 1.9.1 |
| 48 | |