The branch, MAINT_3_4_5 has been updated
via 2f28ce9c800274190418da0945ce3647d36e1db6 (commit)
from 4039683ab3ca63c979948e02345b6d38452f8dee (commit)
- Log -----------------------------------------------------------------
commit 2f28ce9c800274190418da0945ce3647d36e1db6
Author: Herman van Rink <rink(a)initfour.nl>
Date: Fri Aug 19 13:12:04 2011 +0200
[security] Fixed XSS in Inline Edit on save action
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
js/sql.js | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 20e1751..1376169 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,7 @@ phpMyAdmin - ChangeLog
- bug #3374347 [display] Backquotes in normal text on import page
- bug #3358750 [core] With Suhosin, urls are too long in edit links
- [security] Missing sanitization on the table, column and index names leads to XSS
vulnerabilities, see PMASA-2011-13
+- [security] Fixed XSS in Inline Edit on save action
3.4.3.2 (2011-07-23)
- [security] Fixed XSS vulnerability, see PMASA-2011-9
diff --git a/js/sql.js b/js/sql.js
index dbba441..842b6c6 100644
--- a/js/sql.js
+++ b/js/sql.js
@@ -1111,7 +1111,7 @@ function PMA_unInlineEditRow($del_hide, $chg_submit, $this_td,
$input_siblings,
}
}
}
- $this_sibling.html(new_html);
+ $this_sibling.text(new_html);
}
})
}
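Review bot: Nothing at `$this_sibling.text(new_html)` records that the value comes from user-editable cell data and must never be handed to `.html()`, and the name `new_html` now suggests the opposite. Add a comment such as `// cell value is untrusted: insert as text, never as markup`, and consider renaming the variable to `new_value` so a later edit does not switch the sink back. The construction of `new_html` is outside this hunk; if any earlier branch in PMA_unInlineEditRow builds it with intentional markup, that markup will now be displayed literally, so those branches need checking. Any other `.html()` calls in the same function that are fed from the edited fields would need the same change. The function body starts and ends outside the hunk.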
hooks/post-receive
--
phpMyAdmin