Sophie: phpmyadmin-4.2.13.3-1.3.mga5 src

phpmyadmin-4.2.13.3-1.3.mga5.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

From 2b31866fe0b30b867aaf5b5fedb11adb354e037f Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Tue, 20 Oct 2015 10:02:54 -0400
Subject: [PATCH] [security] Content spoofing on url.php

Signed-off-by: Marc Delisle <marc@infomarc.info>
---
 url.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/url.php b/url.php
index 82b2243..44c140b 100644
--- a/url.php
+++ b/url.php
@@ -32,7 +32,8 @@
             }
         </script>";
     // Display redirecting msg on screen.
-    printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
+    // Do not display the value of $_GET['url'] to avoid showing injected content
+    echo __('Taking you to the target site.');
 }
 die();
 ?>