[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_3_7-10226-g35cf83b
Michal Čihař
nijel at users.sourceforge.net
Tue Sep 21 10:30:52 CEST 2010
The branch, master has been updated
via 35cf83bc12805c230f71c31653fd50c8751e32d7 (commit)
via 4b313daa7a9c70c64a50a1786a5350876cb48c49 (commit)
from 8f2546271cff3a91434cefbc77f9cf56d5e42168 (commit)
- Log -----------------------------------------------------------------
commit 35cf83bc12805c230f71c31653fd50c8751e32d7
Merge: 8f2546271cff3a91434cefbc77f9cf56d5e42168 4b313daa7a9c70c64a50a1786a5350876cb48c49
Author: Michal Čihař <mcihar at novell.com>
Date: Tue Sep 21 10:30:19 2010 +0200
Merge remote branch 'knittl/inline-edit-xss'
commit 4b313daa7a9c70c64a50a1786a5350876cb48c49
Author: Daniel Knittl-Frank <knittl89+git at googlemail.com>
Date: Mon Sep 20 18:12:05 2010 +0200
Fix persistent XSS in table browsing mode
The raw $where_clause was emitted into the hidden input instead of the HTML-escaped $where_clause_html. This would
only come into play when a string field was contained in the index (and
thus used in the where clause).
Signed-off-by: Daniel Knittl-Frank <knittl89+git at googlemail.com>
-----------------------------------------------------------------------
Summary of changes:
libraries/display_tbl.lib.php | 2 +-
libraries/display_tbl_links.lib.php | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index a57c909..3520257 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -1457,7 +1457,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
}
if( !empty($where_clause) ) {
- $vertical_display['where_clause'][$row_no] = '<input type="hidden" class="where_clause" value ="' . $where_clause . '" />';
+ $vertical_display['where_clause'][$row_no] = '<input type="hidden" class="where_clause" value ="' . $where_clause_html . '" />';
}
else {
unset($vertical_display['where_clause'][$row_no]);
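Review bot: The fix on the `+` line depends on `$where_clause_html` being an HTML-escaped rendering of `$where_clause`, but that variable is assigned outside this hunk, so neither the escaping function nor its charset can be confirmed from here; a reader of this line has no hint that the two variables differ in trust. I would add a comment above the assignment, `// $where_clause_html is the escaped form; never emit raw $where_clause into markup (XSS)`, so the next edit does not reintroduce the raw variable. Since the value sits in a double-quoted attribute, `htmlspecialchars()` with its default quote handling is sufficient, but that presumption should be checked where `$where_clause_html` is built. PMA_displayTableBody continues outside the hunk.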
diff --git a/libraries/display_tbl_links.lib.php b/libraries/display_tbl_links.lib.php
index a8511fe..d261fd0 100644
--- a/libraries/display_tbl_links.lib.php
+++ b/libraries/display_tbl_links.lib.php
@@ -61,6 +61,6 @@ if ($doWriteModifyAt == 'left') {
* Used by jQuery scripts for handling inline editing
*/
if( !empty($where_clause)) {
- echo '<input type="hidden" class="where_clause" value ="' . $where_clause . '" />';
+ echo '<input type="hidden" class="where_clause" value ="' . $where_clause_html . '" />';
}
?>
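Review bot: This is the second place in the same commit that builds the identical `<input type="hidden" class="where_clause" ...>` markup by hand, and the same raw-variable mistake had crept into both, which is a sign the output should come from one shared helper rather than two string concatenations. Extracting something like `PMA_getWhereClauseHiddenInput($where_clause_html)` that owns the escaping and the markup would make it impossible to pick the wrong variable in one file and not the other. Minor style point on the `+` line: `value ="` has a stray space before `=`; `value="` matches the rest of the attribute. As with the sibling hunk, `$where_clause_html` is defined outside this view, so its escaping is assumed, not verified here.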