[security] XSS in a Designer component

2008-10-30 12:47:24 +00:00
parent 9155163f6e
commit 625e9f2e93
2 changed files with 5 additions and 1 deletions
--- a/3
+++ b/3
@@ -11,6 +11,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - [core] do not automatically set and create TempDir, it might lead to security
  issue (thanks to Thijs Kinkhorst)

+2.11.9.3 (2008-10-30)
+- [security] XSS in a Designer component 
+
 2.11.9.2 (2008-09-22)
 - [security] XSS in MSIE using NUL byte, thanks to JPCERT.

--- a/pmd_pdf.php
+++ b/pmd_pdf.php
@@ -60,7 +60,8 @@ if (isset($scale)) {
 <body>
 <br>
 <div style="text-align:center; font-weight:bold;">
-  <form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
+  <form name="form1" method="post" action="pmd_pdf.php">
+<?php echo PMA_generate_common_hidden_inputs($db); ?>
    <p><?php echo $strExportImportToScale; ?>:
      <select name="scale">
        <option value="1">1:1</option>