[Phpmyadmin-devel] Grid editing and escaping
Marc Delisle
marc at infomarc.info
Fri Aug 19 14:20:45 CEST 2011
Michal Čihař wrote:
> Hi
>
> On Fri, 19 Aug 2011 08:00:31 -0400
> Marc Delisle <marc at infomarc.info> wrote:
>
>> Aris Feryanto wrote:
>>> On 19 Aug 2011, at 15:36, Aris Feryanto <aris_feryanto at yahoo.com>
>>> wrote:
>>>
>>>> Hi Michal,
>>>>
>>>>> From: Michal Čihař <michal at cihar.com>
>>>>>
>>>>> Hi
>>>>>
>>>>> it looks like grid editing does not properly handle escaping HTML
>>>>> entities. Just try importing test/test_data/exploit_test.sql and
>>>>> edit any row in exploit_test.evil_content.
>>>>>
>>>> Thank you for pointing this out. I fixed this in my git.
>> Ok but I believe I've seen a recent commit by Michal that fixed this
>> kind of problem in a quicker way; it was about using .html(x) instead of
>> .text(x) or the reverse :)
>>
>> Michal, can you enlighten us?
>
> It was on the security list for inline editing :-).
It was not a commit?
--
Marc Delisle
http://infomarc.info
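The .html(x) versus .text(x) distinction discussed above, as an added example that is not phpMyAdmin's code: a cell value taken from the database must be written with text semantics, otherwise markup stored in the row is interpreted by the browser. The functions are DOM-free stand-ins for what jQuery's .text() and .html() do, so the example runs under Node; the row value is constructed.

```javascript
// Escape the characters that are significant in HTML text and attribute context.
// This is what setting content via .text(x) (or textContent) does implicitly.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reverse of escapeHtml for the entities it emits, done in a single pass so that
// an already-literal "&amp;lt;" is not decoded twice. Mirrors reading with .text().
function unescapeHtml(markup) {
  const map = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return markup.replace(/&(amp|lt|gt|quot|#39);/g, (ent) => map[ent]);
}

// Render one grid cell. mode 'html' mimics .html(x): the stored value becomes
// live markup. mode 'text' mimics .text(x): the stored value is shown literally.
function renderCell(value, mode) {
  const inner = mode === 'html' ? String(value) : escapeHtml(value);
  return '<td>' + inner + '</td>';
}

// What the inline editor should load into its input when a cell is clicked:
// the original stored string, recovered from the rendered text-mode cell.
function editorValueFromCell(cellMarkup) {
  const inner = cellMarkup.replace(/^<td>/, '').replace(/<\/td>$/, '');
  return unescapeHtml(inner);
}

// Constructed row value containing markup and an ampersand, as a DB cell might.
const storedValue = 'Tom & <b>Jerry</b> <script>alert(1)</script>';

// With text semantics the value round-trips unchanged into the editor and
// no stored tag reaches the browser as markup.
const safeCell = renderCell(storedValue, 'text');
const unsafeCell = renderCell(storedValue, 'html');
```

In text mode `unsafeCell` would never be produced; it is built here only to show that the html-mode output still contains the stored `<script>` tag as real markup while the text-mode output does not.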