nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] Self-XSS on invalid query (table overview), see PMASA-2011-18

Browse Source
This commit is contained in:
Dieter Adriaenssens
2011-11-22 21:59:19 +01:00
parent dac8d6ce25
commit 077c10020e
2 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -23,6 +23,7 @@ phpMyAdmin - ChangeLog
- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
- [security] Self-XSS on column type (Create index), see PMASA-2011-18
- [security] Self-XSS on column type (table Search), see PMASA-2011-18
- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
3.4.7.1 (2011-11-10)
- [security] Fixed possible local file inclusion in XML import

5
libraries/common.lib.php
View File

@@ -1059,13 +1059,10 @@ function PMA_showMessage($message, $sql_query = null, $type = 'notice', $is_view
} else {
// Parse SQL if needed
$parsed_sql = PMA_SQP_parse($query_base);
if (PMA_SQP_isError()) {
unset($parsed_sql);
}
}
// Analyze it
if (isset($parsed_sql)) {
if (isset($parsed_sql) && ! PMA_SQP_isError()) {
$analyzed_display_query = PMA_SQP_analyze($parsed_sql);
// Here we append the LIMIT added for navigation, to
// enable its display. Adding it higher in the code