$NetBSD: patch-CVE-2010-4480-2,v 1.1 2011/01/27 13:45:55 tron Exp $

Fix for CVE-2010-4480 taken from the phpMyAdmin GIT repository:

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b01a58118f973f98ab99a4bb28d340af49fa251f

--- libraries/core.lib.php.orig	2010-11-29 17:18:35.000000000 +0000
+++ libraries/core.lib.php	2011-01-27 13:21:56.000000000 +0000
@@ -241,18 +241,18 @@
     $error_message = strtr($error_message, array('<br />' => '[br]'));
 
     // Displays the error message
-    // (do not use &amp; for parameters sent by header)
-    header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php'
-            . '?lang='  . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2])
-            . '&dir='   . urlencode($GLOBALS['text_dir'])
-            . '&type='  . urlencode($GLOBALS['strError'])
-            . '&error=' . urlencode($error_message));
+    $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
+    $dir = $GLOBALS['text_dir'];
+    $type = $GLOBALS['strError'];
+    $error = $error_message;
 
     // on fatal errors it cannot hurt to always delete the current session
     if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
         PMA_removeCookie($GLOBALS['session_name']);
     }
 
+    require('./libraries/error.inc.php');
+
     exit;
 }
 
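Review bot: The values assigned to `$lang`, `$dir`, `$type` and `$error` now reach `libraries/error.inc.php` without the `urlencode()` calls the removed redirect applied, so the fix holds only if that include HTML-escapes each one before printing; the include is not part of this patch and should be reviewed alongside it. The coupling through local variable names is implicit, so a comment above the assignments would help, e.g. `// consumed by error.inc.php, which must htmlspecialchars() each value before output`. The removed redirect also special-cased `PMA_SETUP` with a `../` prefix while the new `require('./libraries/error.inc.php')` does not, so it is worth confirming that the setup scripts run with the phpMyAdmin root as working directory. The enclosing function begins before the hunk.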
