[Phpmyadmin-devel] Grid editing and escaping - Developers - lists.phpmyadmin.net

newer
[Phpmyadmin-devel] Build failed in...

[Phpmyadmin-devel] Grid editing and escaping

older
[Phpmyadmin-devel] Bug in Ajax...

Michal Čihař

17 Aug 2011 17 Aug '11

2:21 p.m.

Hi it looks like grid editing does not properly handle escaping HTML entities. Just try importing test/test_data/exploit_test.sql and edit any row in exploit_test.evil_content. -- Michal Čihař | http://cihar.com | http://phpmyadmin.cz

Attachments:

signature.asc (application/pgp-signature — 836 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

Aris Feryanto

19 Aug 19 Aug

9:36 a.m.

Hi Michal,

From: Michal Čihař <michal@cihar.com>

Hi

it looks like grid editing does not properly handle escaping HTML entities. Just try importing test/test_data/exploit_test.sql and edit any row in exploit_test.evil_content.

Thank you for pointing this out. I fixed this in my git. -- Aris Feryanto

Reply

Sign in to reply online Use email software

5141

Age (days ago)

5143

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

Aris Feryanto
Michal Čihař