[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_2_11, updated. RELEASE_2_11_11-8-g6821353

Marc Delisle lem9 at users.sourceforge.net
Fri Nov 26 15:13:04 CET 2010


The branch, QA_2_11 has been updated
       via  68213538d7b53e3c97b8730a2e6a0e897b8b5ce9 (commit)
       via  3756112c7fbb243a954e96e762e1122b80b71dc4 (commit)
      from  80766a95caae8dec56e52efdb20abfd3867205c5 (commit)


- Log -----------------------------------------------------------------
commit 68213538d7b53e3c97b8730a2e6a0e897b8b5ce9
Author: Marc Delisle <marc at infomarc.info>
Date:   Fri Nov 26 08:55:40 2010 -0500

    fix merge conflicts

commit 3756112c7fbb243a954e96e762e1122b80b71dc4
Author: Herman van Rink <rink at initfour.nl>
Date:   Thu Nov 25 11:50:50 2010 +0100

    bug #3115519: fixed XSS on search

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |    3 +++
 libraries/common.lib.php |    2 +-
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 056c119..a98d172 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 
 2.11.12.0 (not yet released)
 
+2.11.11.1 (2010-11-26)
+- bug #3115519 (private) [security] XSS on db search
+
 2.11.11.0 (2010-09-07)
 - [core] Fix broken cleanup of $_GET
 - bug #3054458 [core] Fixed displaying number of rows.
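Review bot: the new 2.11.11.1 entry gives only "XSS on db search" and a bug number that is marked private, so this line is the only public description of the fix. Consider naming the affected code, the confirmLink() onclick built in PMA_linkOrButton() in libraries/common.lib.php, so that packagers backporting the fix can locate the change without access to the tracker.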
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 716af94..4dcbe8e 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1644,7 +1644,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
         $tmp = $tag_params;
         $tag_params = array();
         if (!empty($tmp)) {
-            $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')';
+            $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')';
         }
         unset($tmp);
     }
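Review bot: on the changed $tag_params['onclick'] line, $tmp is escaped for the JavaScript string context only, while the result is used as the value of an HTML attribute. The hunk does not show how $tag_params values are written into the tag; if that code does not also pass them through htmlspecialchars(), the browser decodes character references in the attribute before the handler is parsed as script, and the JS escaping alone would not cover that case. Please confirm that the attribute output is HTML-escaped (JS escaping first, HTML escaping second), and consider a short comment here noting that $tmp can carry user-influenced text, since PMA_linkOrButton() is a shared helper and other callers depend on the same line.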


hooks/post-receive
-- 
phpMyAdmin



