Fix persistent XSS in table browsing mode
$where_clause was used instead of escaped $where_clause_html. This would only come into play when a string field was contained in the index (and thus used in the where clause). Signed-off-by: Daniel Knittl-Frank <knittl89+git@googlemail.com>
This commit is contained in:
@@ -1488,7 +1488,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
|
||||
}
|
||||
|
||||
if( !empty($where_clause) ) {
|
||||
$vertical_display['where_clause'][$row_no] = '<input type="hidden" class="where_clause" value ="' . $where_clause . '" />';
|
||||
$vertical_display['where_clause'][$row_no] = '<input type="hidden" class="where_clause" value ="' . $where_clause_html . '" />';
|
||||
}
|
||||
else {
|
||||
unset($vertical_display['where_clause'][$row_no]);
|
||||
|
@@ -58,6 +58,6 @@ if ($doWriteModifyAt == 'left') {
|
||||
}
|
||||
}
|
||||
if( !empty($where_clause)) {
|
||||
echo '<input type="hidden" class="where_clause" value ="' . $where_clause . '" />';
|
||||
echo '<input type="hidden" class="where_clause" value ="' . $where_clause_html . '" />';
|
||||
}
|
||||
?>
|
||||
|
Reference in New Issue
Block a user