The branch, master has been updated
via f57daa0a59a0058a4b3be1bbdf1577b59d7d697a (commit)
from acf2e0a0340bfca162120c08b29f85e763cf08a5 (commit)

- Log -----------------------------------------------------------------
commit f57daa0a59a0058a4b3be1bbdf1577b59d7d697a
Author: Herman van Rink rink@initfour.nl
Date: Wed Jan 26 11:36:10 2011 +0100
Fix XSS problem, regression in the 3.4 branch. Dev releases until -beta2 are vulnerable. Thanks to Aung Khant from YGN Ethical Hacker Group (http://yehg.net/) for reporting this issue.
-----------------------------------------------------------------------
Summary of changes:
 libraries/header.inc.php | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libraries/header.inc.php b/libraries/header.inc.php index 6ce37b8..dee9b15 100644 --- a/libraries/header.inc.php +++ b/libraries/header.inc.php @@ -121,7 +121,7 @@ if (!$GLOBALS['is_ajax_request']) { printf($item, $GLOBALS['cfg']['DefaultTabDatabase'], PMA_generate_common_url($GLOBALS['db']), - $GLOBALS['db'], + htmlspecialchars($GLOBALS['db']), __('Database'), 's_tbl.png'); // if the table is being dropped, $_REQUEST['purge'] is set
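Review bot: htmlspecialchars($GLOBALS['db']) in the printf() argument list is called without a flags argument, and with ENT_COMPAT as the default only double quotes are escaped, not single quotes. The $item format string is defined outside this hunk, so it is not visible whether the database name lands in element text or inside an attribute; if it can ever sit in a single-quoted attribute, pass ENT_QUOTES explicitly. The escaping is also applied at this one call site only, and the trailing context comment about the table being dropped suggests a similar item is printed for the table right after; please confirm that any table name printed there is escaped the same way, and consider a short comment on this line saying that the neighbouring PMA_generate_common_url($GLOBALS['db']) argument is meant to stay unwrapped, so the asymmetry does not look like an oversight.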
hooks/post-receive