From 0e707906e69ce90c4852a0fce2a0fac7db86a3cd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Tue, 13 Dec 2011 12:42:39 -0500
Subject: [PATCH] [security] Self-XSS in setup (host parameter), see PMASA-2011-19
---
 ChangeLog | 1 +
 libraries/config/ConfigFile.class.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 75ab453840..961b33a652 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,7 @@ phpMyAdmin - ChangeLog
 - bug #3449659 [navi] Fast filter broken with table tree
 - bug #3448485 [GUI] Firefox favicon frameset regression
 - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
+- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
 
 3.4.8.0 (2011-12-01)
 - bug #3425230 [interface] enum data split at space char (more space to edit)
diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php
index 9e1690c07a..178a184774 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -425,7 +425,7 @@ class ConfigFile
 return htmlspecialchars($verbose);
 }
 $host = $this->get("Servers/$id/host");
-return empty($host) ? 'localhost' : $host;
+return empty($host) ? 'localhost' : htmlspecialchars($host);
 }
 
 /**
-- 
2.11.4.GIT
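Review bot: The added `htmlspecialchars($host)` relies on the default flags, which on PHP releases before 8.1 are `ENT_COMPAT` and leave single quotes unencoded, so the returned name is only safe in element content and double-quoted attributes. Passing the flags explicitly, `return empty($host) ? 'localhost' : htmlspecialchars($host, ENT_QUOTES);`, would cover single-quoted attribute contexts too, and the `$verbose` return two lines up should get the same treatment. With this change every non-empty return path is HTML-encoded, so the method's docblock should say so, e.g. `@return string HTML-escaped server name; do not escape again`, to keep callers from double-encoding it or reusing it in JavaScript or URL contexts. The method's signature, docblock and callers lie outside this hunk, so which output contexts actually consume the value cannot be confirmed from here.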