bug #1835123 [security] fixed XSS vulnerability on login page, thanks to Tim Brown (Nth Dimension) for the advisory and to Sebastian for the fix

2007-11-20 12:55:14 +00:00
parent b8b542e45c
commit 960064b55f
2 changed files with 6 additions and 1 deletions
--- a/5
+++ b/5
@@ -27,6 +27,11 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1828265 [privileges] No weird characters in generated password 
 - bug #1759194 [import] open_basedir warning

+2.11.2.2 (2007-11-20)
+- bug #1835123 [security] fixed XSS vulnerability on login page, 
+  thanks to Tim Brown (Nth Dimension) for the advisory 
+  and to Sebastian for the fix
+
 2.11.2.1 (2007-11-11)
 - fixed possible SQL injection using database name
 - fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -233,7 +233,7 @@ if (top != self) {
    <fieldset class="tblFooters">
        <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
        <input type="hidden" name="lang" value="<?php echo $GLOBALS['lang']; ?>" />
-        <input type="hidden" name="convcharset" value="<?php echo $GLOBALS['convcharset']; ?>" />
+        <input type="hidden" name="convcharset" value="<?php echo htmlspecialchars($GLOBALS['convcharset'], ENT_QUOTES); ?>" />
    <?php
    if (!empty($GLOBALS['target'])) {
        echo '            <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n";