diff --git a/ChangeLog b/ChangeLog
index 7dcc4f72e..38b64f971 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #2809930 [setup] Notice: Undefined variable: k in setup/index.php
 - bug [features] Incorrect report of missing relational features
+3.2.0.1 (2009-06-30)
+- [security] XSS: Insufficient output sanitizing in bookmarks
+ 3.2.0.0 (2009-06-15)
 - [core] better support for vendor customisation (based on what Debian needs)
 + rfe #2127987 warn when session.gc_maxlifetime is less than cookie validity
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 9bfba0d35..25c6f0052 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -305,7 +305,7 @@ function PMA_formatSql($parsed_sql, $unparsed_sql = '')
 // well, not quite
 // first check for the SQL parser having hit an error
 if (PMA_SQP_isError()) {
- return $parsed_sql;
+ return htmlspecialchars($parsed_sql['raw']);
 }
 // then check for an array
 if (!is_array($parsed_sql)) {
diff --git a/sql.php b/sql.php
index 5aed2d8a7..87914a85b 100644
--- a/sql.php
+++ b/sql.php
@@ -311,7 +311,7 @@ if (isset($GLOBALS['show_as_php']) || !empty($GLOBALS['validatequery'])) {
 $table = '';
 }
 $active_page = $goto;
- $message = PMA_Message::rawError($error);
+ $message = htmlspecialchars(PMA_Message::rawError($error));
 /**
 * Go to target path.
 */
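Review bot: The new early return in PMA_formatSql reads `$parsed_sql['raw']` without establishing that `$parsed_sql` is an array carrying that key, while the check two lines below (`if (!is_array($parsed_sql))`) shows that a non-array argument is expected to reach this function; a string offset on a string, or a missing 'raw' entry, does not fail cleanly and yields a misleading one-byte or empty result instead of the query text. A guarded form keeps the escape on the error path while falling back to the caller's own copy of the query, assuming `$unparsed_sql` carries the original text as its name suggests: `return htmlspecialchars(is_array($parsed_sql) && isset($parsed_sql['raw']) ? $parsed_sql['raw'] : $unparsed_sql);`. Separately, `htmlspecialchars()` is called with its defaults here and in the sql.php hunk, so single quotes are left unescaped and the charset is whatever the PHP runtime assumes; if this output can land inside a single-quoted attribute, passing `ENT_QUOTES` and the page charset explicitly closes that gap. The body of PMA_formatSql continues outside the hunk.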
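Review bot: Escaping the return value of `PMA_Message::rawError()` changes the type stored in `$message`: if rawError() returns a message object, as the class name suggests, `htmlspecialchars()` coerces it to a plain string, so any later consumer that expects a PMA_Message (for instance one that reads its error state or calls its display method) would now receive text instead. Escaping the untrusted input before it enters the message keeps the object intact and still neutralises the markup: `$message = PMA_Message::rawError(htmlspecialchars($error));`. As in the common.lib.php hunk, `ENT_QUOTES` and an explicit charset are the safer arguments if this text can be placed in an attribute context. The enclosing `if` block begins before the hunk and its remainder is not visible here.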