[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_2-33-g6944ee4

Marc Delisle lem9 at users.sourceforge.net
Mon Jun 20 16:20:38 CEST 2011


The branch, QA_3_4 has been updated
       via  6944ee44cecc53d104b341a31094b6bfba13f3af (commit)
       via  3bd3f60b288ff841028ce8258006e33edeee562a (commit)
       via  7602e1593c1565b4dbd90df13fd162cee6546798 (commit)
       via  e49ab1bfe13119633c6bf94eb7439ecb0d28841d (commit)
       via  bbccc368173294f8d713a0f4dbfca28560811b33 (commit)
      from  6616a6b34c51d11013dc4956507af85de055f50d (commit)


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 ChangeLog              |    1 +
 enum_editor.php        |    6 +++---
 server_replication.php |    3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 39fc645..a3a7ff6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,7 @@ phpMyAdmin - ChangeLog
 - patch #3317206 [privileges] Generate password option missing on new accounts
 - bug #3317293 [edit] Inline edit places HTML line breaks in edit area
 - bug #3319466 [interface] Inline query edit does not escape special characters
+- minor XSS (require a valid token)
 
 3.4.2.0 (2011-06-07)
 - bug #3301249 [interface] Iconic table operations does not remove inline edit label
diff --git a/enum_editor.php b/enum_editor.php
index 088275f..586e85e 100644
--- a/enum_editor.php
+++ b/enum_editor.php
@@ -57,8 +57,8 @@ require_once './libraries/header_meta_style.inc.php';
 <?php echo __('+ Restart insertion and add a new value'); ?>
                </a>
             </p>
-             <input type="hidden" name="token" value="<?php echo $_GET['token']; ?>" />
-             <input type="hidden" name="field" value="<?php echo $_GET['field']; ?>" />
+             <input type="hidden" name="token" value="<?php echo htmlspecialchars($_GET['token']); ?>" />
+             <input type="hidden" name="field" value="<?php echo htmlspecialchars($_GET['field']); ?>" />
              <input type="hidden" name="num_fields" value="<?php echo $total_fields; ?>" />
              <input type="submit" value="<?php echo __('Go'); ?>" />
         </form>
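Review bot: `$total_fields` on the line directly after the two newly escaped inputs is still written into a double-quoted attribute without escaping; its origin is outside this hunk, so if it is derived from the request it needs the same treatment, e.g. `<input type="hidden" name="num_fields" value="<?php echo htmlspecialchars($total_fields); ?>" />`. The added `htmlspecialchars()` calls rely on the default flags, which do encode the double quote that closes these attributes, but passing `ENT_QUOTES` and the page's charset explicitly would make the intent visible and keep the escaping correct if an attribute is ever switched to single quotes. The enclosing `<form>` opens outside the hunk.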
@@ -66,7 +66,7 @@ require_once './libraries/header_meta_style.inc.php';
         <div id="enum_editor_output">
         <h3><?php echo __('Output'); ?></h3>
         <p><?php echo __('Copy and paste the joined values into the "Length/Values" field'); ?></p>
-            <textarea id="joined_values" cols="95" rows="5"><?php echo join(",", $values); ?></textarea>
+            <textarea id="joined_values" cols="95" rows="5"><?php echo htmlspecialchars(join(",", $values)); ?></textarea>
         </div>
     </div>
 </body>
diff --git a/server_replication.php b/server_replication.php
index 9b7724d..a524591 100644
--- a/server_replication.php
+++ b/server_replication.php
@@ -53,7 +53,7 @@ if (isset($GLOBALS['sr_take_action'])) {
 
         if (! $link_to_master) {
             $_SESSION['replication']['sr_action_status'] = 'error';
-            $_SESSION['replication']['sr_action_info'] = sprintf(__('Unable to connect to master %s.'), $sr['hostname']);
+            $_SESSION['replication']['sr_action_info'] = sprintf(__('Unable to connect to master %s.'), htmlspecialchars($sr['hostname']));
         } else {
             // Read the current master position
             $position = PMA_replication_slave_bin_log_master($link_to_master);
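Review bot: The escaping is applied when the message is stored into `$_SESSION`, not when it is rendered, so the session now holds an HTML-encoded hostname; wherever `sr_action_info` is later output it must not be escaped a second time, and if it is ever emitted in a non-HTML context (plain text, JSON) it will carry entities. Where that output happens is outside this hunk; the usual arrangement is to keep the raw value in the session and call `htmlspecialchars()` at the output site, which would cover every message in this block at once. The same consideration applies to the second hunk of this file. The enclosing `if` starts outside the hunk.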
@@ -70,6 +70,7 @@ if (isset($GLOBALS['sr_take_action'])) {
                 } else {
                     $_SESSION['replication']['sr_action_status'] = 'success';
                     $_SESSION['replication']['sr_action_info'] = sprintf(__('Master server changed succesfully to %s'), $sr['hostname']);
+                    $_SESSION['replication']['sr_action_info'] = sprintf(__('Master server changed succesfully to %s'), htmlspecialchars($sr['hostname']));
                 }
             }
         }
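Review bot: The original unescaped assignment on the line preceding the added one was kept rather than replaced, so `sr_action_info` is assigned twice in succession and the first, unescaped value is dead code that a reader may mistake for the live one; the hunk should mark that line as removed so only `$_SESSION['replication']['sr_action_info'] = sprintf(__('Master server changed succesfully to %s'), htmlspecialchars($sr['hostname']));` remains. The misspelling `succesfully` sits inside the translatable string; correcting it changes the msgid and requires a translation update, so it belongs in a separate change. The enclosing `if`/`else` block starts outside the hunk.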


hooks/post-receive
-- 
phpMyAdmin



