diff --git a/ChangeLog b/ChangeLog
index 6a6ca24b7..cd1e4cce6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,13 @@ $HeadURL$
- bug [core] undefined variable in libraries/tbl_replace_fields.inc.php
- bug [gui] query window icon did not work, thanks to Jürgen Wind - windkiel
. [general] use PMA_getenv('PHP_SELF')
+- bug #1673599 [core] Call to undefined function PMA_isSuperuser()
+- bug [core] XSS vulnerability in PMA_sanitize(), thanks to sp3x SecurityReason
+
+2.10.0.3 (not released yet)
+=====================
+
+- bug #1679801 [core] XSS vulnerability in PMA_sanitize(), thanks to sp3x SecurityReason
2.10.0.2 (2007-03-02)
=====================
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index b36af285a..ba42f2de3 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -1,11 +1,17 @@
'
',
'[/a]' => '',
);
- return preg_replace('/\[a@([^"@]*)@([^]"]*)\]/', '', strtr($message, $replace_pairs));
+ $sanitized_message = strtr($message, $replace_pairs);
+ $sanitized_message = preg_replace(
+ '/\[a@([^"@]*)@([^]"]*)\]/e',
+ '\'\'',
+ $sanitized_message);
+
+ return $sanitized_message;
}
+/**
+ * removes javascript
+ *
+ * @uses trim()
+ * @uses strtolower()
+ * @uses substr()
+ * @param string uri
+ */
+function PMA_sanitizeUri($uri)
+{
+ $uri = trim($uri);
+
+ if (strtolower(substr($uri, 0, 10)) === 'javascript') {
+ return '';
+ }
+
+ return $uri;
+}
?>
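Review bot: The `/e` modifier on the pattern in the new `preg_replace()` call makes PHP evaluate the replacement string as code with the captured groups substituted in, so any attacker-influenced text that reaches PMA_sanitize() is handed to an eval rather than a string replacement; `preg_replace_callback()` with a named callback does the same substitution without evaluating anything, and `/e` is deprecated in PHP 5.5 and removed in 7.0. The replacement string on the following line is only partly legible on this page, so the callback below keeps its markup as a labelled placeholder and adds the `htmlspecialchars()` escaping of both captures that a `/e` replacement does not give for free. PMA_sanitizeUri() rejects only the literal `javascript` prefix after `trim()`; a deny-list on one scheme is a brittle filter, and an allow-list of the schemes the help links actually use (plus relative URIs) would be the more robust check, while its docblock also lacks `@return string`. PMA_sanitize()'s signature and the start of the `$replace_pairs` table lie above the hunk.
```php
    $sanitized_message = strtr($message, $replace_pairs);
    $sanitized_message = preg_replace_callback(
        '/\[a@([^"@]*)@([^]"]*)\]/',
        'PMA_sanitizeLink',
        $sanitized_message);

    return $sanitized_message;
}

/**
 * builds the anchor markup for one [a@uri@target] placeholder
 *
 * @uses    PMA_sanitizeUri()
 * @uses    htmlspecialchars()
 * @param   array   $matches    0 => whole match, 1 => uri, 2 => target
 * @return  string
 */
function PMA_sanitizeLink($matches)
{
    $href   = htmlspecialchars(PMA_sanitizeUri($matches[1]));
    $target = htmlspecialchars($matches[2]);
    // PLACEHOLDER: build and return the same anchor markup the /e
    // replacement emitted, using $href and $target
}
```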