The branch, master has been updated
via f57daa0a59a0058a4b3be1bbdf1577b59d7d697a (commit)
from acf2e0a0340bfca162120c08b29f85e763cf08a5 (commit)
- Log -----------------------------------------------------------------
commit f57daa0a59a0058a4b3be1bbdf1577b59d7d697a
Author: Herman van Rink <rink(a)initfour.nl>
Date: Wed Jan 26 11:36:10 2011 +0100
Fix XSS problem, regression in the 3.4 branch.
Dev releases until -beta2 are vulnerable.
Thanks to Aung Khant from YGN Ethical Hacker Group (http://yehg.net/) for reporting this issue.
-----------------------------------------------------------------------
Summary of changes:
libraries/header.inc.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libraries/header.inc.php b/libraries/header.inc.php
index 6ce37b8..dee9b15 100644
--- a/libraries/header.inc.php
+++ b/libraries/header.inc.php
@@ -121,7 +121,7 @@ if (!$GLOBALS['is_ajax_request']) {
printf($item,
$GLOBALS['cfg']['DefaultTabDatabase'],
PMA_generate_common_url($GLOBALS['db']),
- $GLOBALS['db'],
+ htmlspecialchars($GLOBALS['db']),
__('Database'),
's_tbl.png');
// if the table is being dropped, $_REQUEST['purge'] is set
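Review bot: The added `htmlspecialchars($GLOBALS['db'])` argument uses the default flags, which on PHP versions before 8.1 escape double quotes but leave single quotes untouched. The `$item` format string is not visible in this hunk, so if it places this argument inside a single-quoted attribute, pass `ENT_QUOTES` explicitly. The same `printf` also receives `$GLOBALS['cfg']['DefaultTabDatabase']` and `PMA_generate_common_url($GLOBALS['db'])`, and the trailing comment suggests table handling follows, so it is worth confirming in the same pass that the URL helper encodes the database name for its output context and that the table name gets the same escaping.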
hooks/post-receive
--
phpMyAdmin