The branch, MAINT_2_11_11 has been updated via 21f624a26574fd45c043ddd27bf5a190b80c2757 (commit) via e1f4901ffc400b6d2df15eac0ba5015fe48a27c4 (commit) from e6aeaf1925be0804e068d50b8c193d8b13f80ced (commit)
- Log ----------------------------------------------------------------- commit 21f624a26574fd45c043ddd27bf5a190b80c2757 Author: Marc Delisle marc@infomarc.info Date: Fri Nov 26 08:51:46 2010 -0500
ChangeLog for XSS search
commit e1f4901ffc400b6d2df15eac0ba5015fe48a27c4 Author: Herman van Rink rink@initfour.nl Date: Thu Nov 25 11:50:50 2010 +0100
bug #3115519: fixed XSS on search
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 3 +++ libraries/common.lib.php | 2 +- 2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog index ff8b9dd..6cb1ab2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/C... $
+2.11.11.1 (2010-11-26)
+- bug #3115519 (private) [security] XSS on db search
+
 2.11.11.0 (2010-09-07)
 - [core] Fix broken cleanup of $_GET
 - bug #3054458 [core] Fixed displaying number of rows.
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 716af94..4dcbe8e 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1644,7 +1644,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
 $tmp = $tag_params;
 $tag_params = array();
 if (!empty($tmp)) {
- $tag_params['onclick'] = 'return confirmLink(this, '' . $tmp . '')';
+ $tag_params['onclick'] = 'return confirmLink(this, '' . PMA_escapeJsString($tmp) . '')';
 }
 unset($tmp);
 }
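Review bot: The added `PMA_escapeJsString($tmp)` call covers only the JavaScript string-literal context, but the value is placed in an `onclick` HTML attribute, which the browser HTML-decodes before the handler is parsed as script. Nothing in this hunk shows the attribute values being HTML-escaped when `$tag_params` is serialised into the tag, so that should be confirmed in the rest of PMA_linkOrButton, whose body starts and ends outside the hunk. If it is not done there, encode for both contexts on this line, JS first and HTML second: `htmlspecialchars(PMA_escapeJsString($tmp), ENT_QUOTES)`. A short comment on the line naming the two nested contexts would keep a later edit from dropping one of them.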
hooks/post-receive