26 Nov
2010
26 Nov
'10
5:13 p.m.
The branch, master has been updated
via 87fa9bd524efe78c45d79f05ccec83612e03c9e4 (commit)
via 6d3b66059afe25da2bb1df00bdac76829f2f940d (commit)
from e356354c44323407dc5c2626117b1aa924365049 (commit)
- Log -----------------------------------------------------------------
commit 87fa9bd524efe78c45d79f05ccec83612e03c9e4
Author: Marc Delisle <marc(a)infomarc.info>
Date: Fri Nov 26 09:03:22 2010 -0500
ChangeLog for XSS fix
commit 6d3b66059afe25da2bb1df00bdac76829f2f940d
Author: Herman van Rink <rink(a)initfour.nl>
Date: Thu Nov 25 11:50:50 2010 +0100
bug #3115519: fixed XSS on search
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 +++---
libraries/common.lib.php | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 19b3110..f01a96b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -132,6 +132,9 @@
- patch #3117535 [replication] Add quotes to database in initial statement,
thanks to Craig Duncan - duncan3dc
+3.3.8.1 (2010-10-26)
+- bug #3115519 (private) [security] XSS on db search
+
3.3.8.0 (2010-10-25)
- bug #3059311 [import] BIGINT field type added to table analysis
- [core] Update library PHPExcel to version 1.7.4
@@ -145,9 +148,6 @@
3.3.7.0 (2010-09-07)
- patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
a page size increase, thanks to Martin Schönberger - mad05
-- bug #3054458 [core] Fixed displaying number of rows.
-- bug #3035300 [parser] Fixed wrong definition of keywords.
-- [setup] Fixed escaping of server name.
3.3.6.0 (2010-08-28)
- bug #3033063 [core] Navi gets wrong db name
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index ec5100f..4b194de 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1769,7 +1769,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
$tmp = $tag_params;
$tag_params = array();
if (!empty($tmp)) {
- $tag_params['onclick'] = 'return confirmLink(this, \'' .
$tmp . '\')';
+ $tag_params['onclick'] = 'return confirmLink(this, \'' .
PMA_escapeJsString($tmp) . '\')';
}
unset($tmp);
}
hooks/post-receive
--
phpMyAdmin