[security] Self-XSS in setup (host parameter), see PMASA-2011-19

Michal Čihař
2011-12-13 12:42:39 -05:00
committed by Marc Delisle
parent bd3735ba58
commit 0e707906e6
2 changed files with 2 additions and 1 deletions


@@ -12,6 +12,7 @@ phpMyAdmin - ChangeLog
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
3.4.8.0 (2011-12-01)
- bug #3425230 [interface] enum data split at space char (more space to edit)
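Review bot: The new PMASA-2011-19 line is placed below the existing PMASA-2011-20 line, so the two [security] entries read out of advisory order. Consider moving it above the PMASA-2011-20 entry so the ChangeLog follows the advisory numbering and both fixes are easy to match against the published advisories.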


@@ -425,7 +425,7 @@ class ConfigFile
return htmlspecialchars($verbose);
}
$host = $this->get("Servers/$id/host");
return empty($host) ? 'localhost' : $host;
return empty($host) ? 'localhost' : htmlspecialchars($host);
}
/**
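Review bot: In the fallback return, `htmlspecialchars($host)` is called without flags, and the method now hands back HTML-escaped text on both the `$verbose` and `$host` paths without stating that anywhere. With the default flags (ENT_COMPAT before PHP 8.1) single quotes are left unescaped, so pass ENT_QUOTES if this name can end up inside a single-quoted attribute. The method's docblock should also say that the return value is already HTML-escaped, so that callers neither escape it a second time (producing a visible `&amp;`) nor reuse it in a non-HTML context such as a stored config value or a comparison against the raw host.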