nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] XSS in a Designer component

Browse Source
This commit is contained in:
Marc Delisle
2008-10-30 12:47:24 +00:00
parent 9155163f6e
commit 625e9f2e93
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -11,6 +11,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- [core] do not automatically set and create TempDir, it might lead to security
issue (thanks to Thijs Kinkhorst)
2.11.9.3 (2008-10-30)
- [security] XSS in a Designer component
2.11.9.2 (2008-09-22)
- [security] XSS in MSIE using NUL byte, thanks to JPCERT.

3
pmd_pdf.php
View File

@@ -60,7 +60,8 @@ if (isset($scale)) {
<body>
<br>
<div style="text-align:center; font-weight:bold;">
<form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
<form name="form1" method="post" action="pmd_pdf.php">
<?php echo PMA_generate_common_hidden_inputs($db); ?>
<p><?php echo $strExportImportToScale; ?>:
<select name="scale">
<option value="1">1:1</option>