bug #1240880, XSS on the cookie-based login panel

2005-07-21 11:55:25 +00:00
parent ab3f0a9d84
commit 0191fc3c33
2 changed files with 5 additions and 1 deletions
--- a/4
+++ b/4
@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
 $Id$
 $Source$

+2005-07-21 Marc Delisle  <lem9@users.sourceforge.net>
+    * libraries/auth/cookie.auth.lib.php: bug #1240880, XSS on the
+	  cookie-based login panel
+
 2005-07-20 Marc Delisle  <lem9@users.sourceforge.net>
    * ChangeLog: automatic utf-8 encoding modeline, thanks to Michal

--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -618,7 +618,7 @@ global $conn_error, $server;
    } else if (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) {
        $conn_error = sprintf($GLOBALS['strNoActivity'],$GLOBALS['cfg']['LoginCookieValidity']);
    } else if (PMA_DBI_getError()) {
-        $conn_error = PMA_DBI_getError();
+        $conn_error = PMA_sanitize(PMA_DBI_getError());
    } else if (isset($php_errormsg)) {
        $conn_error = $php_errormsg;
    } else {