nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1835123 [security] fixed XSS vulnerability on login page, thanks to Tim Brown (Nth Dimension) for the advisory and to Sebastian for the fix

Browse Source
This commit is contained in:
Marc Delisle
2007-11-20 12:55:14 +00:00
parent b8b542e45c
commit 960064b55f
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/auth/cookie.auth.lib.php
View File

@@ -233,7 +233,7 @@ if (top != self) {
<fieldset class="tblFooters">
<input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
<input type="hidden" name="lang" value="<?php echo $GLOBALS['lang']; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $GLOBALS['convcharset']; ?>" />
<input type="hidden" name="convcharset" value="<?php echo htmlspecialchars($GLOBALS['convcharset'], ENT_QUOTES); ?>" />
<?php
if (!empty($GLOBALS['target'])) {
echo ' <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n";