[Phpmyadmin-devel] Grid editing and escaping
michal at cihar.com
Fri Aug 19 14:14:10 CEST 2011
On Fri, 19 Aug 2011 08:00:31 -0400
Marc Delisle <marc at infomarc.info> wrote:
> Aris Feryanto wrote:
> > On 19 Aug 2011, at 15:36, Aris Feryanto <aris_feryanto at yahoo.com>
> > wrote:
> >> Hi Michal,
> >>> From: Michal Čihař <michal at cihar.com>
> >>> Hi
> >>> it looks like grid editing does not properly handle escaping HTML
> >>> entities. Just try importing test/test_data/exploit_test.sql and
> >>> edit any row in exploit_test.evil_content.
> >> Thank you for pointing this out. I fixed this in my git.
> Ok but I believe I've seen a recent commit by Michal that fixed this
> kind of problem in a quicker way; it was about using .html(x) instead of
> .text(x) or the reverse :)
> Michal, can you enlighten us?
It was on the security list for inline editing :-).
Michal Čihař | http://cihar.com | http://phpmyadmin.cz
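
The difference between the two kinds of cell write that the thread alludes to, as an added example that is not part of the original message or of phpMyAdmin's code. jQuery's `.text(x)` stores `x` as inert character data while `.html(x)` parses it as markup; here both are modelled with plain string functions so the block runs without a DOM, and every function name and the sample value are hypothetical.

```javascript
// Added illustration; helper names are hypothetical, not phpMyAdmin code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = Object.fromEntries(Object.entries(ENTITIES).map(([ch, ent]) => [ent, ch]));

// Models a text-style write: every markup-significant character is escaped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => ENTITIES[ch]);
}

// Models a text-style read: decode each entity exactly once, in a single pass,
// so "&amp;lt;" becomes "&lt;" and not "<".
function unescapeHtml(markup) {
  return markup.replace(/&(?:amp|lt|gt|quot|#39);/g, ent => DECODE[ent]);
}

// HTML-style write: the stored value is interpolated as markup (unsafe).
function renderCellAsHtml(value) {
  return `<td>${value}</td>`;
}

// Text-style write: the stored value is escaped before it reaches the page.
function renderCellAsText(value) {
  return `<td>${escapeHtml(value)}</td>`;
}

// What the grid editor should put in the edit box: the original stored value.
function readCellForEdit(cellMarkup) {
  const inner = cellMarkup.slice('<td>'.length, -'</td>'.length);
  return unescapeHtml(inner);
}

// True when the cell contains any tag other than its own <td> wrapper.
function containsInjectedTag(cellMarkup) {
  return /<(?!\/?td>)/.test(cellMarkup);
}

// Constructed sample value: real tags plus a literal entity stored in the row.
const stored = '<i>x</i> &lt; "q"';
console.log(renderCellAsHtml(stored)); // tags from the data become part of the page
console.log(renderCellAsText(stored)); // data stays data
console.log(readCellForEdit(renderCellAsText(stored)) === stored);
```
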