From 6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Thu, 24 Jul 2008 17:26:05 +0000 Subject: [PATCH] possible XSS during setup --- ChangeLog | 1 + scripts/setup.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3fc620ae4c..d9da6a2d34 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - bug #2022182 [import, export] Import/Export fails because of Mac files - [security] protection against cross-frame scripting and new directive AllowThirdPartyFraming, thanks to YGN Ethical Hacker Group +- [security] possible XSS during setup, thanks to YGN Ethical Hacker Group 2.11.7.1 (2008-07-15) - bug [security] XSRF/CSRF by manipulating the db, diff --git a/scripts/setup.php b/scripts/setup.php index ee723523d4..435c3210b1 100644 --- a/scripts/setup.php +++ b/scripts/setup.php @@ -682,7 +682,7 @@ function show_overview($title, $list, $buttons = '') { echo $val[0]; echo ''; echo '
'; - echo $val[1]; + echo htmlspecialchars($val[1]); echo '
'; echo '' . "\n"; } -- 2.11.4.GIT
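Review bot: `echo $val[0];` in the context lines just above the fix is still written raw, so only the value column of each overview row is escaped while the description column goes out as-is. If `$val[0]` can ever carry configuration-derived text rather than a fixed label (not visible from this hunk), it needs the same treatment, `echo htmlspecialchars($val[0]);`; otherwise add a comment on `show_overview()` stating that `$val[0]` is trusted markup and `$val[1]` is plain text escaped on output, so callers neither pre-escape it nor pass HTML in it. The new call also relies on the default flags and charset of `htmlspecialchars()`; passing them explicitly, e.g. `htmlspecialchars($val[1], ENT_QUOTES, 'UTF-8')` if the setup page is served as UTF-8, keeps the escaping independent of the PHP version. The rest of `show_overview()`, including how `$title` and `$buttons` are output, lies outside the hunk and was not reviewed.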