The branch, QA_3_4 has been updated via ba255de1b263ca9b86014414b131ec79e621b28c (commit) via 0e707906e69ce90c4852a0fce2a0fac7db86a3cd (commit) via bd3735ba584e7a49aee78813845245354b061f61 (commit) from c93200a5bca1e8eefb07ed7420fe5ba12a57ed3b (commit)
- Log ----------------------------------------------------------------- commit ba255de1b263ca9b86014414b131ec79e621b28c Merge: c93200a 0e70790 Author: Marc Delisle marc@infomarc.info Date: Wed Dec 14 07:54:50 2011 -0500
Fix merge conflicts
commit 0e707906e69ce90c4852a0fce2a0fac7db86a3cd Author: Michal Čihař mcihar@suse.cz Date: Tue Dec 13 12:42:39 2011 -0500
[security] Self-XSS in setup (host parameter), see PMASA-2011-19
commit bd3735ba584e7a49aee78813845245354b061f61 Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: Sat Dec 10 17:10:41 2011 +0100
[security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 2 ++ libraries/config/ConfigFile.class.php | 2 +- libraries/display_export.lib.php | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 5eb0138..bcb8ddb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ phpMyAdmin - ChangeLog - bug #3449659 [navi] Fast filter broken with table tree - bug #3448485 [GUI] Firefox favicon frameset regression - [core] Better compatibility with mysql extension +- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 +- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
3.4.8.0 (2011-12-01) - bug #3425230 [interface] enum data split at space char (more space to edit) diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php index 9e1690c..178a184 100644 --- a/libraries/config/ConfigFile.class.php +++ b/libraries/config/ConfigFile.class.php @@ -425,7 +425,7 @@ class ConfigFile return htmlspecialchars($verbose); } $host = $this->get("Servers/$id/host"); - return empty($host) ? 'localhost' : $host; + return empty($host) ? 'localhost' : htmlspecialchars($host); }
/** diff --git a/libraries/display_export.lib.php b/libraries/display_export.lib.php index a58a441..e740c2e 100644 --- a/libraries/display_export.lib.php +++ b/libraries/display_export.lib.php @@ -150,10 +150,10 @@ if(isset($_GET['sql_query'])) { echo '<label for ="radio_allrows_0">' . __('Dump some row(s)') . '</label>'; ?> <ul> <li><label for="limit_to"><?php echo __('Number of rows:') . '</label> <input type="text" id="limit_to" name="limit_to" size="5" value="' - . ((isset($_GET['limit_to'])) ? $_GET['limit_to'] : ((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table)))) + . ((isset($_GET['limit_to'])) ? htmlspecialchars($_GET['limit_to']) : ((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table)))) . '" onfocus="this.select()" />' ?></li> <li><label for="limit_from"><?php echo __('Row to begin at:') . '</label> <input type="text" id="limit_from" name="limit_from" value="' - . ((isset($_GET['limit_from'])) ? $_GET['limit_from'] : '0') + . ((isset($_GET['limit_from'])) ? htmlspecialchars($_GET['limit_from']) : '0') . '" size="5" onfocus="this.select()" />'; ?></li> </ul> </li> @@ -242,7 +242,7 @@ if(isset($_GET['sql_query'])) { <?php echo ' value="'; if(isset($_GET['filename_template'])) { - echo $_GET['filename_template']; + echo htmlspecialchars($_GET['filename_template']); } else { if ($export_type == 'database') { echo htmlspecialchars($GLOBALS['PMA_Config']->getUserValue(
hooks/post-receive
-
Marc Delisle