The branch, master has been updated via 85fc658f3146d245d88d29085f98c62e686eee13 (commit) via b0ef11932a56b413cfb7accc69fc1e83ea051196 (commit) via c5a641961861f3e82b282582c1b86222d73409bf (commit) via bda213c58aec44925be661acb0e76c19483ea170 (commit) via 2f28ce9c800274190418da0945ce3647d36e1db6 (commit) via 4039683ab3ca63c979948e02345b6d38452f8dee (commit) from d6303215118e73062ac3749f893ab9630a948816 (commit)
- Log ----------------------------------------------------------------- commit 85fc658f3146d245d88d29085f98c62e686eee13 Author: Marc Delisle marc@infomarc.info Date: Thu Sep 8 15:54:36 2011 -0400
Missing function after merging
commit b0ef11932a56b413cfb7accc69fc1e83ea051196 Merge: d630321 c5a6419 Author: Marc Delisle marc@infomarc.info Date: Thu Sep 8 15:44:07 2011 -0400
Merge branch 'QA_3_4'
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 2 ++ js/functions.js | 16 ++++++++++++++-- js/tbl_structure.js | 4 ++-- 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c22bfe9..01d1357 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,8 @@ phpMyAdmin - ChangeLog
 - [export] Remove native Excel export modules (xls and xlsx formats)
 - [import] Remove native Excel import modules (xls and xlsx formats)
 - bug #3392920 [edit] BLOB emptied after editing another column
+- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
+- [security] Fixed XSS with db/table/column names, see PMASA-2011-14
 3.4.4.0 (2011-08-24)
 - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
diff --git a/js/functions.js b/js/functions.js
index c63a3d0..b27dcc4 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -199,7 +199,7 @@ function selectContent( element, lock, only_once )
 }
/**
- * Displays a confirmation box before to submit a "DROP/DELETE/ALTER" query.
+ * Displays a confirmation box before submitting a "DROP/DELETE/ALTER" query.
 * This function is called while clicking links
 *
 * @param object the link
@@ -2246,7 +2246,7 @@ $(document).ready(function() {
 /**
 * @var question String containing the question to be asked for confirmation
 */
- var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + window.parent.db;
+ var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + escapeHtml(window.parent.db);
$(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
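Review bot: HTML-escaping `window.parent.db` here is only correct if PMA_confirm injects the question into the dialog as HTML; the question is assembled with `'\n'` separators, which reads like plain text, and if the dialog renders it via `.text()` or `window.confirm` the user will see `&amp;`/`&lt;` literally while gaining no protection. PMA_confirm is defined outside this hunk, so verify its rendering path and, if it does use `.html()`, record that decision at the call site with a comment such as `// escaped: PMA_confirm renders the question as HTML`. Note also that the old code tolerated an undefined db name (it concatenated "undefined"), whereas escapeHtml will throw on a non-string, so the value's origin should be confirmed. The enclosing ready() handler starts and ends outside the hunk.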
@@ -3374,3 +3374,15 @@ function PMA_clearSelection() {
 if(sel.removeAllRanges) sel.removeAllRanges();
 }
 }
+
+/**
+ * HTML escaping
+ */
+function escapeHtml(unsafe) {
+ return unsafe
+ .replace(/&/g, "&")
+ .replace(/</g, "<")
+ .replace(/>/g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+}
diff --git a/js/tbl_structure.js b/js/tbl_structure.js
index 63fa60f..bdcf1ee 100644
--- a/js/tbl_structure.js
+++ b/js/tbl_structure.js
@@ -44,7 +44,7 @@ $(document).ready(function() {
 /**
 * @var question String containing the question to be asked for confirmation
 */
- var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + curr_table_name + '` DROP `' + curr_column_name + '`';
+ var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + escapeHtml(curr_table_name) + '` DROP `' + escapeHtml(curr_column_name) + '`';
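Review bot: As shown, every replacement in escapeHtml substitutes a character with itself (`.replace(/&/g, "&")`, `.replace(/</g, "<")`, and so on), which would make the function a no-op and leave the db/table/column escaping in the other hunks ineffective. This is almost certainly the page having decoded the entities the commit actually contains — the replacement strings should read `"&amp;"`, `"&lt;"`, `"&gt;"`, `"&quot;"` and `"&#039;"` — but it is worth confirming against the repository, since a no-op escaper would leave the PMASA-2011-14 issue open while the ChangeLog claims it fixed. Separately, the function calls `.replace` directly on its argument, so a non-string such as an undefined name throws instead of being escaped; `return String(unsafe)` would keep the call sites robust without changing the output for strings. The header comment should also state the contract, e.g. `@param {string} unsafe` / `@return {string}`, and note that the `&` replacement must stay first so that already-produced entities are not double-escaped.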
$(this).PMA_confirm(question, $(this).attr('href'), function(url) {
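Review bot: This hunk now depends on the global `escapeHtml` defined in js/functions.js, so tbl_structure.js only works if functions.js is loaded first; the "Missing function after merging" follow-up in the log suggests this dependency has already bitten once. If `escapeHtml` is unresolved, the ReferenceError thrown on this line aborts the click handler before PMA_confirm runs, and unless the handler calls `event.preventDefault()` before this point (outside the hunk) the browser will follow the raw href and issue the DROP with no confirmation at all. A comment such as `// escapeHtml is defined in functions.js; it must be loaded before this file` would make the dependency explicit. The enclosing ready() handler starts and ends outside the hunk.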
@@ -83,7 +83,7 @@ $(document).ready(function() {
 /**
 * @var question String containing the question to be asked for confirmation
 */
- var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + curr_table_name + '` ADD PRIMARY KEY(`' + curr_column_name + '`)';
+ var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + escapeHtml(curr_table_name) + '` ADD PRIMARY KEY(`' + escapeHtml(curr_column_name) + '`)';
$(this).PMA_confirm(question, $(this).attr('href'), function(url) {