[Phpmyadmin-devel] Fixed XSS in unreleased RecentTable class
Aris Feryanto
aris_feryanto at yahoo.com
Tue Jul 5 15:59:13 CEST 2011
Hi,
----- Original Message -----
> From: Herman van Rink <rink at initfour.nl>
>
> Dear students/developers,
>
> Below is a small example of new code that has a vulnerability.
> Please look out for places where you use ANY data that comes from the
> user, either through the web or through a database.
> In this case a table name.
> Luckily this has not yet been included in a release...
>
>
> diff --git a/libraries/RecentTable.class.php
> b/libraries/RecentTable.class.php
> index f844bbc..bfb6081 100644
> --- a/libraries/RecentTable.class.php
> +++ b/libraries/RecentTable.class.php
> @@ -142,7 +142,7 @@ class PMA_RecentTable
> $html = '<option value="">(' . __('Recent
> tables') . ')
> ...</option>';
> if (count($this->tables)) {
> foreach ($this->tables as $table) {
> - $html .= '<option value="' . $table .
> '">' . $table .
> '</option>';
> + $html .= '<option value="' .
> htmlspecialchars($table) .
> '">' . htmlspecialchars($table) . '</option>';
> }
> } else {
> $html .= '<option value="">' .
> __('There are no recent
> tables') . '</option>';
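Review bot: the `+` lines call `htmlspecialchars($table)` with PHP's default flags (ENT_COMPAT), which escapes `"` but not `'`; that is sufficient here only because the `value` attribute is double-quoted. Passing the flags and charset explicitly, e.g. `htmlspecialchars($table, ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the attribute quoting or default charset changes later, and documents the intent at the call site.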
> @@ -158,7 +158,7 @@ class PMA_RecentTable
> public function getHtmlSelect()
> {
> $html = '<input type="hidden" name="goto"
> id="LeftDefaultTabTable" value="' .
> - $GLOBALS['cfg']['LeftDefaultTabTable']
> . '" />';
> +
> htmlspecialchars($GLOBALS['cfg']['LeftDefaultTabTable']) .
> '" />';
> $html .= '<select name="table"
> id="recentTable">';
> $html .= $this->getHtmlSelectOption();
> $html .= '</select>';
>
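Review bot: escaping `$GLOBALS['cfg']['LeftDefaultTabTable']` in the `+` line is the right fix for the markup, and the same explicit-flags remark as for the first hunk applies. Since the escaped value feeds a hidden `goto` field that is submitted back with the form, HTML escaping only protects this page; the code that later reads `goto` from the request should still validate it as a known page name rather than trust it.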
Thanks for fixing this. I'll remember it next time.
--
Aris Feryanto
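The pattern the patch above corrects, shown as a stand-alone PHP example added here (not phpMyAdmin's code): a `<select>` of table names rendered by raw concatenation next to the escaped form, with constructed table names that break out of the attribute and the element, and a crude count of `<` characters so the difference is visible. The function names `renderOptionsUnsafe`, `renderOptionsSafe` and `countRawTags` are hypothetical.

```php
<?php
// Added example, not part of the phpMyAdmin code base.
// Table names are chosen by whoever can CREATE TABLE, so they are untrusted
// input when written into HTML, exactly like a value read from the web.

// Constructed sample table names. Two of them carry characters that change
// the meaning of the surrounding markup if written out unescaped.
$tables = array(
    'customers',
    'sales" class="injected',            // constructed: ends the double-quoted attribute early
    '</select><b>not an option</b>',     // constructed: closes the element and adds markup
);

// Hypothetical helper mirroring the behaviour before the patch: raw concatenation.
function renderOptionsUnsafe(array $tables)
{
    $html = '';
    foreach ($tables as $table) {
        $html .= '<option value="' . $table . '">' . $table . '</option>';
    }
    return $html;
}

// Hypothetical helper mirroring the patched behaviour. ENT_QUOTES escapes both
// quote kinds, so the output stays safe whichever attribute delimiter the
// template uses; the charset is given explicitly so the result does not
// depend on the default_charset setting.
function renderOptionsSafe(array $tables)
{
    $html = '';
    foreach ($tables as $table) {
        $safe = htmlspecialchars($table, ENT_QUOTES, 'UTF-8');
        $html .= '<option value="' . $safe . '">' . $safe . '</option>';
    }
    return $html;
}

// Crude structural check: every '<' in the output should come from the
// template's own <option> and </option> tags, never from the data.
function countRawTags($html)
{
    return substr_count($html, '<');
}

$unsafe = renderOptionsUnsafe($tables);
$safe   = renderOptionsSafe($tables);

// Each option contributes exactly two '<' characters (open and close tag);
// anything beyond that was injected by a table name.
$expected = 2 * count($tables);
printf("unsafe: %d '<' characters, expected %d\n", countRawTags($unsafe), $expected);
printf("safe:   %d '<' characters, expected %d\n", countRawTags($safe), $expected);
echo $safe, "\n";
```

Run with `php example.php`: the unsafe rendering reports more `<` characters than the template wrote, while the escaped rendering reports exactly `2 * count($tables)`, and its printed output shows the constructed names as visible text (`&lt;`, `&quot;`) rather than as markup.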