bug #1835123 [security] fixed XSS vulnerability on login page, thanks to Tim Brown (Nth Dimension) for the advisory and to Sebastian for the fix

This commit is contained in:
Marc Delisle
2007-11-20 12:55:14 +00:00
parent e7b825acad
commit 47744bcdda
2 changed files with 6 additions and 1 deletions

View File

@@ -5,6 +5,11 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
2.11.2.2 (2007-11-20)
- bug #1835123 [security] fixed XSS vulnerability on login page,
thanks to Tim Brown (Nth Dimension) for the advisory
and to Sebastian for the fix
2.11.2.1 (2007-11-11)
- fixed possible SQL injection using database name
- fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group

View File

@@ -233,7 +233,7 @@ if (top != self) {
<fieldset class="tblFooters">
<input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
<input type="hidden" name="lang" value="<?php echo $GLOBALS['lang']; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $GLOBALS['convcharset']; ?>" />
<input type="hidden" name="convcharset" value="<?php echo htmlspecialchars($GLOBALS['convcharset'], ENT_QUOTES); ?>" />
<?php
if (!empty($GLOBALS['target'])) {
echo ' <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n";