The branch, master has been updated via b3dd0a8dd27be5c12111bbe2dd32aa8d208424a7 (commit) via 6944ee44cecc53d104b341a31094b6bfba13f3af (commit) via 3bd3f60b288ff841028ce8258006e33edeee562a (commit) via 7602e1593c1565b4dbd90df13fd162cee6546798 (commit) via e49ab1bfe13119633c6bf94eb7439ecb0d28841d (commit) via bbccc368173294f8d713a0f4dbfca28560811b33 (commit) from e252eeb1fcf1da035d7944ad19c7ac2527287484 (commit)
- Log ----------------------------------------------------------------- commit b3dd0a8dd27be5c12111bbe2dd32aa8d208424a7 Merge: e252eeb1fcf1da035d7944ad19c7ac2527287484 6944ee44cecc53d104b341a31094b6bfba13f3af Author: Marc Delisle marc@infomarc.info Date: Mon Jun 20 10:19:33 2011 -0400
Merge from QA_3_4
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 1 + enum_editor.php | 6 +++--- server_replication.php | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index bed0b3c..2fd659e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,7 @@ phpMyAdmin - ChangeLog
 - patch #3317206 [privileges] Generate password option missing on new accounts
 - bug #3317293 [edit] Inline edit places HTML line breaks in edit area
 - bug #3319466 [interface] Inline query edit does not escape special characters
+- minor XSS (require a valid token)
3.4.2.0 (2011-06-07)
 - bug #3301249 [interface] Iconic table operations does not remove inline edit label
diff --git a/enum_editor.php b/enum_editor.php
index 088275f..586e85e 100644
--- a/enum_editor.php
+++ b/enum_editor.php
@@ -57,8 +57,8 @@ require_once './libraries/header_meta_style.inc.php';
 <?php echo __('+ Restart insertion and add a new value'); ?>
 </a>
 </p>
- <input type="hidden" name="token" value="<?php echo $_GET['token']; ?>" />
- <input type="hidden" name="field" value="<?php echo $_GET['field']; ?>" />
+ <input type="hidden" name="token" value="<?php echo htmlspecialchars($_GET['token']); ?>" />
+ <input type="hidden" name="field" value="<?php echo htmlspecialchars($_GET['field']); ?>" />
 <input type="hidden" name="num_fields" value="<?php echo $total_fields; ?>" />
 <input type="submit" value="<?php echo __('Go'); ?>" />
 </form>
@@ -66,7 +66,7 @@ require_once './libraries/header_meta_style.inc.php';
 <div id="enum_editor_output">
 <h3><?php echo __('Output'); ?></h3>
 <p><?php echo __('Copy and paste the joined values into the "Length/Values" field'); ?></p>
- <textarea id="joined_values" cols="95" rows="5"><?php echo join(",", $values); ?></textarea>
+ <textarea id="joined_values" cols="95" rows="5"><?php echo htmlspecialchars(join(",", $values)); ?></textarea>
 </div>
 </div>
 </body>
diff --git a/server_replication.php b/server_replication.php
index 8c0ed93..511af06 100644
--- a/server_replication.php
+++ b/server_replication.php
@@ -53,7 +53,7 @@ if (isset($GLOBALS['sr_take_action'])) {
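Review bot: The hidden `token` field on the new side still reflects the request's own `$_GET['token']` back into the page, so the template keeps echoing untrusted input where the session's CSRF token is what the form actually needs. If `common.inc.php` is loaded before this template as on other phpMyAdmin pages (the requires are outside the hunk), emitting the session value removes the reflection entirely: `<input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION[' PMA_token ']); ?>" />`. Note also that `htmlspecialchars()` with no flags defaults to ENT_COMPAT on the PHP versions of this era and leaves single quotes unescaped; that is enough for the double-quoted attributes here and for the textarea in the next hunk, but passing `ENT_QUOTES` (and the page charset) protects against a later switch to single-quoted attributes. `$_GET['field']` also raises a notice when the parameter is absent, which `isset($_GET['field']) ? $_GET['field'] : ''` would avoid, though that is pre-existing. The enclosing `<form>` opens before this hunk.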
if (! $link_to_master) {
 $_SESSION['replication']['sr_action_status'] = 'error';
- $_SESSION['replication']['sr_action_info'] = sprintf(__('Unable to connect to master %s.'), $sr['hostname']);
+ $_SESSION['replication']['sr_action_info'] = sprintf(__('Unable to connect to master %s.'), htmlspecialchars($sr['hostname']));
 } else {
 // Read the current master position
 $position = PMA_replication_slave_bin_log_master($link_to_master);
@@ -69,7 +69,7 @@ if (isset($GLOBALS['sr_take_action'])) {
 $_SESSION['replication']['sr_action_info'] = __('Unable to change master');
 } else {
 $_SESSION['replication']['sr_action_status'] = 'success';
- $_SESSION['replication']['sr_action_info'] = sprintf(__('Master server changed successfully to %s'), $sr['hostname']);
+ $_SESSION['replication']['sr_action_info'] = sprintf(__('Master server changed successfully to %s'), htmlspecialchars($sr['hostname']));
 }
 }
 }
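Review bot: Storing an already HTML-escaped hostname in `$_SESSION['replication']['sr_action_info']` couples session state to one output context, so whichever page later echoes the message has to know it is pre-escaped; if that consumer escapes again the hostname renders as `&amp;lt;…`, and if it is ever printed in a non-HTML context the entities leak through. The more robust shape is to keep `$sr['hostname']` raw here and apply `htmlspecialchars()` at the single point where `sr_action_info` is rendered; the same applies to the `Master server changed successfully` branch in the second hunk. If render-side escaping cannot be verified, at least use `htmlspecialchars($sr['hostname'], ENT_QUOTES)` so a single-quoted attribute or inline-script context is also covered, since the flagless call defaults to ENT_COMPAT on the PHP versions of this era. Both hunks sit inside the `if (isset($GLOBALS['sr_take_action']))` block, whose start and end are outside the hunk.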