From 1af420e22367ae72ff4091adb1620e59ddad5ba6 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Tue, 4 Oct 2011 06:20:17 -0400
Subject: [PATCH] [security] Fixed XSS in setup (verbose parameter)
---
 ChangeLog | 1 +
 libraries/config/ConfigFile.class.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b8c33cb8ce..020aef316e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
 - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
+- [security] Fixed XSS in setup (verbose parameter)

 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php
index 20369f1efc..9e1690c07a 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -422,7 +422,7 @@ class ConfigFile
 }
 $verbose = $this->get("Servers/$id/verbose");
 if (!empty($verbose)) {
- return $verbose;
+ return htmlspecialchars($verbose);
 }
 $host = $this->get("Servers/$id/host");
 return empty($host) ? 'localhost' : $host;
@@ -508,4 +508,4 @@ class ConfigFile
 return $c;
 }
 }
-?>
\ No newline at end of file
+?>
-- 
2.11.4.GIT
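Review bot: The fallback exit in the `@@ -422,7 +422,7 @@` hunk still returns the host value raw: when `verbose` is empty, `return empty($host) ? 'localhost' : $host;` hands back `Servers/$id/host` unescaped, and that value is read through the same `$this->get()` call as `verbose`, so the sink this commit protects is likely still reachable through the host field. I would escape both exits, e.g. `return htmlspecialchars(empty($host) ? 'localhost' : $host);`, unless host is validated somewhere outside the hunk. Because the method now returns HTML-encoded text, a comment such as `// returns an HTML-escaped display name; do not escape again or reuse in non-HTML output` would help callers avoid double-encoding. If any caller places the name inside a single-quoted attribute, pass `ENT_QUOTES` as well, since before PHP 8.1 the default flags leave `'` untouched. The enclosing method starts and ends outside the hunk.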