[security] Fixed XSS in Inline Edit on save action

2011-08-19 13:12:04 +02:00
parent 4039683ab3
commit 2f28ce9c80
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@@ -31,6 +31,7 @@ phpMyAdmin - ChangeLog
 - bug #3374347 [display] Backquotes in normal text on import page
 - bug #3358750 [core] With Suhosin, urls are too long in edit links
 - [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
+- [security] Fixed XSS in Inline Edit on save action

 3.4.3.2 (2011-07-23)
 - [security] Fixed XSS vulnerability, see PMASA-2011-9
--- a/js/sql.js
+++ b/js/sql.js
@@ -1111,7 +1111,7 @@ function PMA_unInlineEditRow($del_hide, $chg_submit, $this_td, $input_siblings,
                    }
                }
            }
-            $this_sibling.html(new_html);
+            $this_sibling.text(new_html);
        }
    })
 }