[Phpmyadmin-devel] Fixed XSS in unreleased RecentTable class
Herman van Rink
rink at initfour.nl
Tue Jul 5 15:07:42 CEST 2011
Dear students/developers,
Below is a small example of new code that has a vulnerability.
Please look out for places where you use ANY data that comes from the
user, either through the web or through a database.
In this case a table name.
Luckily this has not yet been included in a release...
diff --git a/libraries/RecentTable.class.php
b/libraries/RecentTable.class.php
index f844bbc..bfb6081 100644
--- a/libraries/RecentTable.class.php
+++ b/libraries/RecentTable.class.php
@@ -142,7 +142,7 @@ class PMA_RecentTable
$html = '<option value="">(' . __('Recent tables') . ')
...</option>';
if (count($this->tables)) {
foreach ($this->tables as $table) {
- $html .= '<option value="' . $table . '">' . $table .
'</option>';
+ $html .= '<option value="' . htmlspecialchars($table) .
'">' . htmlspecialchars($table) . '</option>';
}
} else {
$html .= '<option value="">' . __('There are no recent
tables') . '</option>';
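Review bot: the two `+` lines call `htmlspecialchars($table)` with the default flags and charset, so single quotes are left unescaped and the charset is whatever this PHP version defaults to (ISO-8859-1 before 5.4). That is safe for the double-quoted attribute and element body here, but passing the context explicitly, e.g. `htmlspecialchars($table, ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the quoting style ever changes and avoids charset surprises with multibyte table names; consider a shared helper so every output site in the class escapes the same way.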
@@ -158,7 +158,7 @@ class PMA_RecentTable
public function getHtmlSelect()
{
$html = '<input type="hidden" name="goto"
id="LeftDefaultTabTable" value="' .
- $GLOBALS['cfg']['LeftDefaultTabTable'] . '" />';
+
htmlspecialchars($GLOBALS['cfg']['LeftDefaultTabTable']) . '" />';
$html .= '<select name="table" id="recentTable">';
$html .= $this->getHtmlSelectOption();
$html .= '</select>';
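Review bot: the added line is split across two lines of the mail (a bare `+` followed by the `htmlspecialchars($GLOBALS['cfg']['LeftDefaultTabTable'])` continuation), so anyone applying this by hand has to rejoin it. On substance, `$GLOBALS['cfg']['LeftDefaultTabTable']` is admin-controlled configuration rather than user input, so this line is defensive hardening rather than the XSS fix itself (that is the table-name escaping in the previous hunk); a short comment saying so would stop a later reader from concluding the config value was the attack vector.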
--
Kind regards / Regards,
Herman van Rink
Initfour websolutions
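As an added illustration of the point the mail makes (this is example code, not phpMyAdmin's RecentTable class), the following renders the "recent tables" `<option>` the unescaped way and the escaped way for a constructed table name that carries HTML metacharacters, so the difference in output is visible; the table name and the helper functions are invented for the demonstration.

```php
<?php
// Added example, not phpMyAdmin code. Shows why a table name must be
// escaped per HTML context before it is concatenated into markup.

// Constructed sample: a table name chosen to break out of the attribute.
$tableName = 'x"><b>injected</b><option value="';

// Vulnerable form, as in the pre-patch code: the name is dropped raw into
// both the value attribute and the element body.
function unsafeOption($table)
{
    return '<option value="' . $table . '">' . $table . '</option>';
}

// Hardened form: escape once, with explicit flags and charset.
// ENT_QUOTES also converts single quotes (not strictly needed for a
// double-quoted attribute, but safe if the quoting style changes), and the
// charset is stated rather than left to the PHP-version-dependent default.
function safeOption($table)
{
    $escaped = htmlspecialchars($table, ENT_QUOTES, 'UTF-8');
    return '<option value="' . $escaped . '">' . $escaped . '</option>';
}

echo "Unsafe: " . unsafeOption($tableName) . "\n";
echo "Safe:   " . safeOption($tableName) . "\n";

// Sanity check: between our own '<option value="' and '">' the escaped
// value must contain no raw quote or angle bracket. The first '">' found
// is the template's own, because the attacker's copy was turned into
// &quot;&gt; by the escaping.
$inner = substr(safeOption($tableName), strlen('<option value="'));
$inner = substr($inner, 0, strpos($inner, '">'));
assert(strpbrk($inner, '<>"\'') === false);
```

Running this prints the unescaped line with a closed attribute and a stray `<b>` element, and the escaped line with `&quot;&gt;&lt;b&gt;...` as plain text inside the option.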