The branch, QA_3_4 has been updated
via ba255de1b263ca9b86014414b131ec79e621b28c (commit)
via 0e707906e69ce90c4852a0fce2a0fac7db86a3cd (commit)
via bd3735ba584e7a49aee78813845245354b061f61 (commit)
from c93200a5bca1e8eefb07ed7420fe5ba12a57ed3b (commit)
- Log -----------------------------------------------------------------
commit ba255de1b263ca9b86014414b131ec79e621b28c
Merge: c93200a 0e70790
Author: Marc Delisle <marc(a)infomarc.info>
Date: Wed Dec 14 07:54:50 2011 -0500
Fix merge conflicts
commit 0e707906e69ce90c4852a0fce2a0fac7db86a3cd
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Tue Dec 13 12:42:39 2011 -0500
[security] Self-XSS in setup (host parameter), see PMASA-2011-19
commit bd3735ba584e7a49aee78813845245354b061f61
Author: Dieter Adriaenssens <ruleant(a)users.sourceforge.net>
Date: Sat Dec 10 17:10:41 2011 +0100
[security] Self-XSS on export options (export server/database/table), see
PMASA-2011-20
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 2 ++
libraries/config/ConfigFile.class.php | 2 +-
libraries/display_export.lib.php | 6 +++---
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5eb0138..bcb8ddb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ phpMyAdmin - ChangeLog
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
+- [security] Self-XSS on export options (export server/database/table), see
PMASA-2011-20
+- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
3.4.8.0 (2011-12-01)
- bug #3425230 [interface] enum data split at space char (more space to edit)
diff --git a/libraries/config/ConfigFile.class.php
b/libraries/config/ConfigFile.class.php
index 9e1690c..178a184 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -425,7 +425,7 @@ class ConfigFile
return htmlspecialchars($verbose);
}
$host = $this->get("Servers/$id/host");
- return empty($host) ? 'localhost' : $host;
+ return empty($host) ? 'localhost' : htmlspecialchars($host);
}
/**
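Review bot: The new `htmlspecialchars($host)` on the `+` line uses the default flags (ENT_COMPAT on the PHP releases current for this branch), which leave single quotes unencoded, so a host value containing `'` still escapes from any single-quoted attribute or inline-JS string a caller builds from this return value; `return empty($host) ? 'localhost' : htmlspecialchars($host, ENT_QUOTES, 'UTF-8');` closes that gap, and the `$verbose` branch two lines above should receive the same flags for consistency. Because both branches now return HTML-escaped text, the method's docblock should state it, e.g. `@return string server name, already HTML-escaped for direct output`, so no caller writes the value into a non-HTML sink such as the generated config file or a connection parameter, where it would be double-encoded or simply wrong. The method's signature and docblock lie outside the hunk, so whether any existing caller already uses it in such a context cannot be confirmed from here.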
diff --git a/libraries/display_export.lib.php b/libraries/display_export.lib.php
index a58a441..e740c2e 100644
--- a/libraries/display_export.lib.php
+++ b/libraries/display_export.lib.php
@@ -150,10 +150,10 @@ if(isset($_GET['sql_query'])) {
echo '<label for ="radio_allrows_0">' .
__('Dump some row(s)') . '</label>'; ?>
<ul>
<li><label for="limit_to"><?php echo
__('Number of rows:') . '</label> <input type="text"
id="limit_to" name="limit_to" size="5" value="'
- . ((isset($_GET['limit_to'])) ? $_GET['limit_to'] :
((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table))))
+ . ((isset($_GET['limit_to'])) ?
htmlspecialchars($_GET['limit_to']) : ((isset($unlim_num_rows) ? $unlim_num_rows :
PMA_Table::countRecords($db, $table))))
. '" onfocus="this.select()" />'
?></li>
<li><label for="limit_from"><?php echo
__('Row to begin at:') . '</label> <input type="text"
id="limit_from" name="limit_from" value="'
- . ((isset($_GET['limit_from'])) ? $_GET['limit_from'] :
'0')
+ . ((isset($_GET['limit_from'])) ?
htmlspecialchars($_GET['limit_from']) : '0')
. '" size="5" onfocus="this.select()"
/>'; ?></li>
</ul>
</li>
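Review bot: `limit_to` and `limit_from` are row counts, so escaping them as free text is looser than the data allows; casting stops the markup injection and also guarantees the values are numeric before they reach whatever consumes them later, e.g. `(int) $_GET['limit_to']` in place of `htmlspecialchars($_GET['limit_to'])` and `(int) $_GET['limit_from']` in place of `htmlspecialchars($_GET['limit_from'])`. The fallback branch already emits integers (`$unlim_num_rows` or `PMA_Table::countRecords(...)`), so the two arms of each ternary would then agree in type, which the current version does not. Whether these parameters are later interpolated into the export's LIMIT clause is not visible in this hunk and would be worth checking, since an integer cast would cover that path as well. The enclosing `if(isset($_GET['sql_query']))` block named in the hunk header starts before this hunk.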
@@ -242,7 +242,7 @@ if(isset($_GET['sql_query'])) {
<?php
echo ' value="';
if(isset($_GET['filename_template'])) {
- echo $_GET['filename_template'];
+ echo htmlspecialchars($_GET['filename_template']);
} else {
if ($export_type == 'database') {
echo
htmlspecialchars($GLOBALS['PMA_Config']->getUserValue(
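Review bot: `htmlspecialchars($_GET['filename_template'])` on the `+` line is sufficient for the double-quoted `value="` attribute it is written into, but it relies on the function's default quote handling and default charset; the project's other new call sites do the same, so a stray single-quoted context anywhere would be unprotected. Passing the flags and charset explicitly, `htmlspecialchars($_GET['filename_template'], ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the PHP version's defaults and of the server's default charset, and matches the `htmlspecialchars(...)` wrapping already used for the `getUserValue(...)` fallback below it. The surrounding `echo` and `if/else` continue past the end of this hunk.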