Comment 5 for bug 392324

derRichard (richard-ubuntu) wrote :

This bug still seems exploitable.
A friend of mine has PhpMyAdmin-4:3.1.2-1ubuntu0.1 running on Ubuntu 9.04 and got hacked today.
After some time I found the exploit.
It used this issue to break in:
http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php

The security update for the issue contains only this patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342

But NOT:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12342&r2=12341&pathrev=12342

A review of this issue is needed.

Cheers,
//richard