[security] XSS: Insufficient output sanitizing (not exploitable without a valid token)

Herman van Rink
2009-06-30 13:19:39 +00:00
parent 76e2d1550f
commit 824849c9ca
3 changed files with 15 additions and 13 deletions


@@ -682,7 +682,7 @@ function PMA_displayLoginInformationFields($mode = 'new')
. $username_length . '" title="' . $GLOBALS['strUserName'] . '"'
. (empty($GLOBALS['username'])
? ''
: ' value="' . (isset($GLOBALS['new_username'])
: ' value="' . htmlspecialchars(isset($GLOBALS['new_username'])
? $GLOBALS['new_username']
: $GLOBALS['username']) . '"')
. ' onchange="pred_username.value = \'userdefined\';" />' . "\n"
@@ -747,7 +747,7 @@ function PMA_displayLoginInformationFields($mode = 'new')
. '</span>' . "\n"
. '<input type="text" name="hostname" maxlength="'
. $hostname_length . '" value="'
. (isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '')
. htmlspecialchars(isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '')
. '" title="' . $GLOBALS['strHost']
. '" onchange="pred_hostname.value = \'userdefined\';" />' . "\n"
. PMA_showHint($GLOBALS['strHostTableExplanation'])
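Review bot: Both new `htmlspecialchars()` calls (the username `value` in the first hunk and the hostname `value` in the second) rely on the default flags, which on PHP versions of this commit's date is ENT_COMPAT: double quotes are escaped, single quotes are not. That is enough only because both `value="..."` attributes are double-quoted; passing the flag explicitly, as in `htmlspecialchars($value, ENT_QUOTES)`, keeps the escaping correct if the attribute quoting is ever changed. A one-line comment at each call, for example `// presumably request-derived: escape for the HTML attribute context`, would record why the escape is there. PMA_displayLoginInformationFields starts and ends outside both hunks, so any other `$GLOBALS` values it writes into the form are not visible here and may need the same check.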