XSS in MSIE using NUL byte, thanks to JPCERT.
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
|
|||||||
$Id$
|
$Id$
|
||||||
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
|
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
|
||||||
|
|
||||||
|
2.11.9.2 (2008-09-22)
|
||||||
|
- [security] XSS in MSIE using NUL byte, thanks to JPCERT.
|
||||||
|
|
||||||
2.11.9.1 (2008-09-15)
|
2.11.9.1 (2008-09-15)
|
||||||
- [security] Code execution vulnerability, thanks to Norman Hippert
|
- [security] Code execution vulnerability, thanks to Norman Hippert
|
||||||
|
|
||||||
|
@@ -46,6 +46,10 @@ function PMA_jsFormat($a_string = '', $add_backquotes = true)
|
|||||||
* enclosed by <![CDATA[ ... ]]>
|
* enclosed by <![CDATA[ ... ]]>
|
||||||
* this requires only to escape ' with \' and end of script block
|
* this requires only to escape ' with \' and end of script block
|
||||||
*
|
*
|
||||||
|
* We also remove NUL byte as some browsers (namely MSIE) ignore it and
|
||||||
|
* it and inserting it anywhere inside </script would allow to pass this
|
||||||
|
* check.
|
||||||
|
*
|
||||||
* @uses strtr()
|
* @uses strtr()
|
||||||
* @uses preg_replace()
|
* @uses preg_replace()
|
||||||
* @param string $string the string to be escaped
|
* @param string $string the string to be escaped
|
||||||
@@ -55,6 +59,7 @@ function PMA_escapeJsString($string)
|
|||||||
{
|
{
|
||||||
return preg_replace('@</script@i', '</\' + \'script',
|
return preg_replace('@</script@i', '</\' + \'script',
|
||||||
strtr($string, array(
|
strtr($string, array(
|
||||||
|
"\000" => '',
|
||||||
'\\' => '\\\\',
|
'\\' => '\\\\',
|
||||||
'\'' => '\\\'',
|
'\'' => '\\\'',
|
||||||
"\n" => '\n',
|
"\n" => '\n',
|
||||||
|
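Review bot: The new `"\000" => ''` entry in the strtr() map of PMA_escapeJsString covers only the NUL case, so the `</script` check that follows still relies on knowing every character a browser may skip inside the tag name. Escaping the slash in the same map, for example `'/' => '\\/',`, would keep a literal `</script` out of the output whatever is inserted into it. The rest of the map and the end of the function lie outside the hunk, so confirm this is not already handled there. A regression test feeding a string with a NUL inside `</script` would pin the fix. The added docblock also repeats "it and" across two lines; it should read `ignore it, and inserting it anywhere inside </script would allow to pass this check`.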