[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_0BETA2-1460-gf57daa0

Herman van Rink helmo at users.sourceforge.net
Wed Jan 26 11:41:02 CET 2011


The branch, master has been updated
       via  f57daa0a59a0058a4b3be1bbdf1577b59d7d697a (commit)
      from  acf2e0a0340bfca162120c08b29f85e763cf08a5 (commit)


- Log -----------------------------------------------------------------
commit f57daa0a59a0058a4b3be1bbdf1577b59d7d697a
Author: Herman van Rink <rink at initfour.nl>
Date:   Wed Jan 26 11:36:10 2011 +0100

    Fix XSS problem, regression in the 3.4 branch.
    Dev releases until -beta2 are vulnerable.
    Thanks to Aung Khant from YGN Ethical Hacker Group (http://yehg.net/) for reporting this issue.

-----------------------------------------------------------------------

Summary of changes:
 libraries/header.inc.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libraries/header.inc.php b/libraries/header.inc.php
index 6ce37b8..dee9b15 100644
--- a/libraries/header.inc.php
+++ b/libraries/header.inc.php
@@ -121,7 +121,7 @@ if (!$GLOBALS['is_ajax_request']) {
                     printf($item,
                             $GLOBALS['cfg']['DefaultTabDatabase'],
                             PMA_generate_common_url($GLOBALS['db']),
-                            $GLOBALS['db'],
+                            htmlspecialchars($GLOBALS['db']),
                             __('Database'),
                             's_tbl.png');
                     // if the table is being dropped, $_REQUEST['purge'] is set
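Review bot: On the changed `htmlspecialchars($GLOBALS['db'])` argument, the call relies on default flags, which on PHP versions before 8.1 leave single quotes unencoded, and the `$item` format string that receives the value is not visible in this hunk. If `$item` ever places this argument inside a single-quoted attribute, the escaping is incomplete, so consider passing `ENT_QUOTES` explicitly. The trailing context comment about the table being dropped suggests a table-name output follows; since this hunk escapes only the database name, confirm that the table name printed after it gets the same treatment.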


hooks/post-receive
-- 
phpMyAdmin



