nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix persistent XSS in table browsing mode

Browse Source 
$where_clause was used instead of escaped $where_clause_html. This would
only come into play when a string field was contained in the index (and
thus used in the where clause).

Signed-off-by: Daniel Knittl-Frank <knittl89+git@googlemail.com>
This commit is contained in:
Daniel Knittl-Frank
2010-09-20 18:12:05 +02:00
parent f7076ab686
commit 4b313daa7a
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/display_tbl.lib.php
View File

@@ -1488,7 +1488,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
} }
if( !empty($where_clause) ) { if( !empty($where_clause) ) {
$vertical_display['where_clause'][$row_no] = '<input type="hidden" class="where_clause" value ="' . $where_clause . '" />'; $vertical_display['where_clause'][$row_no] = '<input type="hidden" class="where_clause" value ="' . $where_clause_html . '" />';
} }
else { else {
unset($vertical_display['where_clause'][$row_no]); unset($vertical_display['where_clause'][$row_no]);

2
libraries/display_tbl_links.lib.php
View File

@@ -58,6 +58,6 @@ if ($doWriteModifyAt == 'left') {
} }
} }
if( !empty($where_clause)) { if( !empty($where_clause)) {
echo '<input type="hidden" class="where_clause" value ="' . $where_clause . '" />'; echo '<input type="hidden" class="where_clause" value ="' . $where_clause_html . '" />';
} }
?> ?>