nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] Self-XSS on database names (Synchronize), see PMASA-2011-18

Browse Source
This commit is contained in:
Marc Delisle
2011-11-21 17:53:10 -05:00
parent e2b6af5a99
commit b289fe0824
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -19,6 +19,7 @@ phpMyAdmin - ChangeLog
- bug #3439292 [core] Fail to synchronize column with name of keyword
- bug #3425156 [interface] Add column after drop
- [interface] Avoid showing the password in phpinfo()'s output
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
3.4.7.1 (2011-11-10)
- [security] Fixed possible local file inclusion in XML import

4
libraries/server_synchronize.lib.php
View File

@@ -1335,7 +1335,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
echo '<table id="serverstatusconnections" class="data" width="55%">';
echo '<tr>';
echo '<th>' . __('Source database') . ': ' . $src_db . '<br />(';
echo '<th>' . __('Source database') . ': ' . htmlspecialchars($src_db) . '<br />(';
if ('cur' == $_SESSION['src_type']) {
echo __('Current server');
} else {
@@ -1358,7 +1358,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
function PMA_syncDisplayHeaderTargetAndMatchingTables($trg_db, $matching_tables) {
echo '<table id="serverstatusconnections" class="data" width="43%">';
echo '<tr>';
echo '<th>' . __('Target database') . ': '. $trg_db . '<br />(';
echo '<th>' . __('Target database') . ': '. htmlspecialchars($trg_db) . '<br />(';
if ('cur' == $_SESSION['trg_type']) {
echo __('Current server');
} else {