[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_3, updated. RELEASE_3_3_8-19-gb1103e2

Marc Delisle lem9 at users.sourceforge.net
Fri Nov 26 15:13:14 CET 2010


The branch, QA_3_3 has been updated
       via  b1103e2db99405d032a230ed50f0b88b799605a3 (commit)
       via  f805097b86fabd3d4c8dff1f2324efdae1ca0d70 (commit)
      from  d6a7bd40faa240c23016ce482c36650294faa13e (commit)


- Log -----------------------------------------------------------------
commit b1103e2db99405d032a230ed50f0b88b799605a3
Author: Marc Delisle <marc at infomarc.info>
Date:   Fri Nov 26 09:07:19 2010 -0500

    fix merge conflicts

commit f805097b86fabd3d4c8dff1f2324efdae1ca0d70
Author: Herman van Rink <rink at initfour.nl>
Date:   Thu Nov 25 11:50:50 2010 +0100

    bug #3115519: fixed XSS on search

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |    6 +++---
 libraries/common.lib.php |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 65fed96..41c784f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - patch #3117535 [replication] Add quotes to database in initial statement,
   thanks to Craig Duncan - duncan3dc
 
+3.3.8.1 (2010-10-26)
+- bug #3115519 (private) [security] XSS on db search
+
 3.3.8.0 (2010-10-25)
 - bug #3059311 [import] BIGINT field type added to table analysis
 - [core] Update library PHPExcel to version 1.7.4
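Review bot: The date on the added `3.3.8.1 (2010-10-26)` line is a month earlier than the commit that adds it (Thu Nov 25 2010) and only one day after 3.3.8.0. Please check whether the month is a typo and set it to the actual release date. Since bug #3115519 is marked private, the entry could also say which part of the db search output was affected, so readers without tracker access can tell what was fixed.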
@@ -27,9 +30,6 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 3.3.7.0 (2010-09-07)
 - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
   a page size increase, thanks to Martin Schönberger - mad05
-- bug #3054458 [core] Fixed displaying number of rows.
-- bug #3035300 [parser] Fixed wrong definition of keywords.
-- [setup] Fixed escaping of server name.
 
 3.3.6.0 (2010-08-28)
 - bug #3033063 [core] Navi gets wrong db name
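Review bot: The three entries removed from the 3.3.7.0 section (bug #3054458, bug #3035300 and the [setup] server-name escaping fix) are unrelated to the XSS fix, and neither commit message explains them beyond "fix merge conflicts". If these lines were dropped because they do not belong to 3.3.7.0 on this branch, say so in the message. The last one describes an escaping fix, so it is worth confirming that the fix itself is still present in QA_3_3 and that only the ChangeLog line is going away.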
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 610438c..b926e92 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1634,7 +1634,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
         $tmp = $tag_params;
         $tag_params = array();
         if (!empty($tmp)) {
-            $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')';
+            $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')';
         }
         unset($tmp);
     }
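Review bot: On the changed `onclick` line, `PMA_escapeJsString($tmp)` handles the JavaScript string context, but the result still lands inside an HTML attribute, and this hunk does not show how `$tag_params` is serialized into the tag. Please confirm that attribute values are HTML-escaped where the tag is written out, so that a double quote or `&` in the message cannot end the attribute early. The change also only covers the branch that builds `onclick` from `$tmp`; a caller that already passes an array (the signature default is `array()`) with its own `onclick` is not touched here and needs the same escaping at the call site. A regression test using a confirmation message that contains quote characters would keep this from coming back.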


hooks/post-receive
-- 
phpMyAdmin



