The branch, master has been updated
via c555fc1b347dd25b02ce2e586d2d76c7c6b3d216 (commit)
via ba255de1b263ca9b86014414b131ec79e621b28c (commit)
via 0e707906e69ce90c4852a0fce2a0fac7db86a3cd (commit)
via bd3735ba584e7a49aee78813845245354b061f61 (commit)
from 9bf4527ab422d1594bb77a2eed5773dafbbfb3bd (commit)
- Log -----------------------------------------------------------------
commit c555fc1b347dd25b02ce2e586d2d76c7c6b3d216
Merge: 9bf4527 ba255de
Author: Marc Delisle <marc(a)infomarc.info>
Date: Wed Dec 14 08:00:51 2011 -0500
Fix merge conflicts
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 2 ++
libraries/config/ConfigFile.class.php | 2 +-
libraries/display_export.lib.php | 6 +++---
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7f9d873..d3b47a3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -76,6 +76,8 @@ phpMyAdmin - ChangeLog
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
+- [security] Self-XSS on export options (export server/database/table), see
PMASA-2011-20
+- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
3.4.8.0 (2011-12-01)
- bug #3425230 [interface] enum data split at space char (more space to edit)
diff --git a/libraries/config/ConfigFile.class.php
b/libraries/config/ConfigFile.class.php
index dfe2235..dffa62d 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -417,7 +417,7 @@ class ConfigFile
return htmlspecialchars($verbose);
}
$host = $this->get("Servers/$id/host");
- return empty($host) ? 'localhost' : $host;
+ return empty($host) ? 'localhost' : htmlspecialchars($host);
}
/**
diff --git a/libraries/display_export.lib.php b/libraries/display_export.lib.php
index 7a5824e..db87a99 100644
--- a/libraries/display_export.lib.php
+++ b/libraries/display_export.lib.php
@@ -152,10 +152,10 @@ if (isset($_GET['sql_query'])) {
echo '<label for ="radio_allrows_0">' .
__('Dump some row(s)') . '</label>'; ?>
<ul>
<li><label for="limit_to"><?php echo
__('Number of rows:') . '</label> <input type="text"
id="limit_to" name="limit_to" size="5" value="'
- . ((isset($_GET['limit_to'])) ? $_GET['limit_to'] :
((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table))))
+ . ((isset($_GET['limit_to'])) ?
htmlspecialchars($_GET['limit_to']) : ((isset($unlim_num_rows) ? $unlim_num_rows :
PMA_Table::countRecords($db, $table))))
. '" onfocus="this.select()" />'
?></li>
<li><label for="limit_from"><?php echo
__('Row to begin at:') . '</label> <input type="text"
id="limit_from" name="limit_from" value="'
- . ((isset($_GET['limit_from'])) ? $_GET['limit_from'] :
'0')
+ . ((isset($_GET['limit_from'])) ?
htmlspecialchars($_GET['limit_from']) : '0')
. '" size="5" onfocus="this.select()"
/>'; ?></li>
</ul>
</li>
@@ -244,7 +244,7 @@ if (isset($_GET['sql_query'])) {
<?php
echo ' value="';
if (isset($_GET['filename_template'])) {
- echo $_GET['filename_template'];
+ echo htmlspecialchars($_GET['filename_template']);
} else {
if ($export_type == 'database') {
echo
htmlspecialchars($GLOBALS['PMA_Config']->getUserValue(
hooks/post-receive
--
phpMyAdmin