[phpMyAdmin Git] [phpmyadmin/phpmyadmin] b69311: Fix self-injection in Table specific privileges

Michal Čihař michal at cihar.com
Wed Nov 16 17:48:15 CET 2016


  Branch: refs/heads/QA_4_6
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: b69311e460bd52eebc4402a165c012e63121ef03
      https://github.com/phpmyadmin/phpmyadmin/commit/b69311e460bd52eebc4402a165c012e63121ef03
  Author: Deven Bansod <devenbansod.bits at gmail.com>
  Date:   2016-11-16 (Wed, 16 Nov 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Fix self-injection in Table specific privileges

Don't manually add backticks (`) rather use the Util function,
since escaping of backticks inside the column_name has to be handled too.

Fix #12361

Signed-off-by: Deven Bansod <devenbansod.bits at gmail.com>


  Commit: 88b284816cdcbb3783685785f887faa061d0bd07
      https://github.com/phpmyadmin/phpmyadmin/commit/88b284816cdcbb3783685785f887faa061d0bd07
  Author: Deven Bansod <devenbansod.bits at gmail.com>
  Date:   2016-11-16 (Wed, 16 Nov 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  ChangeLog for #12361

Signed-off-by: Deven Bansod <devenbansod.bits at gmail.com>

Conflicts:
	ChangeLog


  Commit: 80d1bc7c2b6c29b29fe6653ae54d34f8bbb828d4
      https://github.com/phpmyadmin/phpmyadmin/commit/80d1bc7c2b6c29b29fe6653ae54d34f8bbb828d4
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-11-16 (Wed, 16 Nov 2016)

  Changed paths:
    M ChangeLog
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Merge pull request #12711 from devenbansod/fix_12361

Fix #12361 : Fix self SQL injection in table-specific privileges


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/0c36e5fd8536...80d1bc7c2b6c


More information about the Git mailing list