[security] XSS in a Designer component

2008-10-30 12:47:24 +00:00
parent d848ff485b
commit 3d83805ab4
2 changed files with 8 additions and 1 deletions
--- a/6
+++ b/6
@@ -9,6 +9,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - [lang] Italian update, thanks to Luca and fantu
 - bug #2107583 [GUI] Leading newline truncated, thanks to Isart Montane
 3.0.1.1 (2008-10-30)
 - [security] XSS in a Designer component 
 3.0.1.0 (2008-10-22)
 - bug #2134126 [GUI] SQL error after sorting a subset
 + [lang] Catalan update, thanks to Xavier Navarro
@@ -119,6 +122,9 @@ danbarry
 - patch #2115966 [GUI] Checkboxes and IE 7, thanks to Martin - maschg 
 - bug #1914066 [core] ForceSSL generates incorrectly escaped redirections
 2.11.9.3 (2008-10-30)
 - [security] XSS in a Designer component 
 2.11.9.2 (2008-09-22)
 - [security] XSS in MSIE using NUL byte, thanks to JPCERT.
--- a/pmd_pdf.php
+++ b/pmd_pdf.php
@@ -61,7 +61,8 @@ require_once './libraries/header_meta_style.inc.php';
 <body>
 <br>
 <div>
-  <form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
+  <form name="form1" method="post" action="pmd_pdf.php">
 <?php echo PMA_generate_common_hidden_inputs($db); ?>
    <div>
    <fieldset><legend><?php echo $GLOBALS['strExport'] . '/' . $GLOBALS['strImport']; ?></legend>
    <p><?php echo $strExportImportToScale; ?>: