diff --git a/ChangeLog b/ChangeLog index af9b79cb1..110f36338 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog - bug #3486970 [import] Exception on XML import - bug #3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names in navigation +3.4.10.1 (2012-02-18) +- [security] XSS in replication setup, see PMASA-2012-1 + 3.4.10.0 (2012-02-14) - bug #3460090 [interface] TextareaAutoSelect feature broken - patch #3375984 [export] PHP Array export might generate invalid php code diff --git a/js/replication.js b/js/replication.js index 1a7c785b0..3ea119a97 100644 --- a/js/replication.js +++ b/js/replication.js @@ -5,7 +5,7 @@ */ var random_server_id = Math.floor(Math.random() * 10000000); -var conf_prefix = "server-id=" + random_server_id + "
log-bin=mysql-bin
log-error=mysql-bin.err
"; +var conf_prefix = "server-id=" + random_server_id + "\nlog-bin=mysql-bin\nlog-error=mysql-bin.err\n"; function update_config() { var conf_ignore = "binlog_ignore_db="; @@ -16,16 +16,16 @@ function update_config() { }); if ($('#db_select option:selected').size() == 0) { - $('#rep').html(conf_prefix); + $('#rep').text(conf_prefix); } else if ($('#db_type option:selected').val() == 'all') { - $('#rep').html(conf_prefix + conf_ignore + database_list); + $('#rep').text(conf_prefix + conf_ignore + database_list); } else { - $('#rep').html(conf_prefix + conf_do + database_list); + $('#rep').text(conf_prefix + conf_do + database_list); } } $(document).ready(function() { - $('#rep').html(conf_prefix); + $('#rep').text(conf_prefix); $('#db_type').change(update_config); $('#db_select').change(update_config);