[Phpmyadmin-devel] Grid editing and escaping
Marc Delisle
marc at infomarc.info
Fri Aug 19 14:00:31 CEST 2011
Aris Feryanto a écrit :
> On 19 Agu 2011, at 15:36, Aris Feryanto <aris_feryanto at yahoo.com>
> wrote:
>
>> Hi Michal,
>>
>>> From: Michal Čihař <michal at cihar.com>
>>>
>>> Hi
>>>
>>> it looks like grid editing does not properly handle escaping HTML
>>> entities. Just try importing test/test_data/exploit_test.sql and
>>> edit any row in exploit_test.evil_content.
>>>
>> Thank you for pointing this out. I fixed this in my git.
Ok but I believe I've seen a recent commit by Michal that fixed this
kind of problem in a quicker way; it was about using .html(x) instead of
.text(x) or the reverse :)
Michal, can you enlighten us?
>>
>
>
> I also change the way of grid editing a bit. For normal text, the
> grid editing is shown without 'edit area' (bigger editing area under
> the edited cell) anymore. I think this is better than having two
> input field for one edited cell.
Yes it's better. Will merge later; waiting to see if there is a better
fix for the HTML entities escaping.
>
>
> -- Aris Feryanto
>
> ------------------------------------------------------------------------------
> Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user
> administration capabilities and model configuration. Take the hassle
> out of deploying and managing Subversion and the tools developers use
> with it. http://p.sf.net/sfu/wandisco-d2d-2
> _______________________________________________ Phpmyadmin-devel
> mailing list Phpmyadmin-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
--
Marc Delisle
http://infomarc.info
More information about the Developers
mailing list