From e05b37d3c9e5b99e8a779fe55780d92df17b4a55 Mon Sep 17 00:00:00 2001
From: Dieter Adriaenssens <ruleant@users.sourceforge.net>
Date: Mon, 3 Oct 2011 20:38:36 +0200
Subject: [PATCH] Fixed local path disclosure vulnerability, see PMASA-2011-15

---
 ChangeLog          | 1 +
 phpmyadmin.css.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 239796fb28..b8c33cb8ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
 - bug #3414744 [core] External link fails in 3.4.5
 - patch #3314626 [display] CharTextareaRows is not respected
 - bug #3417089 [synchronize] Extraneous db choices
+- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
 
 3.4.5.0 (2011-09-14)
 - bug #3375325 [interface] Page list in navigation frame looks odd
diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php
index 2275c97ffd..b3cfecc2b8 100644
--- a/phpmyadmin.css.php
+++ b/phpmyadmin.css.php
@@ -9,7 +9,7 @@
  *
  */
 // sometimes, we lose $_REQUEST['js_frame']
-define('PMA_FRAME', empty($_REQUEST['js_frame']) ? 'right' : $_REQUEST['js_frame']);
+define('PMA_FRAME', (! empty($_REQUEST['js_frame']) && is_string($_REQUEST['js_frame'])) ? $_REQUEST['js_frame'] : 'right');
 
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';
-- 
2.11.4.GIT