[security] Self-XSS on database names (Synchronize), see PMASA-2011-18
This commit is contained in:
@@ -19,6 +19,7 @@ phpMyAdmin - ChangeLog
|
||||
- bug #3439292 [core] Fail to synchronize column with name of keyword
|
||||
- bug #3425156 [interface] Add column after drop
|
||||
- [interface] Avoid showing the password in phpinfo()'s output
|
||||
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
|
||||
|
||||
3.4.7.1 (2011-11-10)
|
||||
- [security] Fixed possible local file inclusion in XML import
|
||||
|
@@ -1335,7 +1335,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
|
||||
|
||||
echo '<table id="serverstatusconnections" class="data" width="55%">';
|
||||
echo '<tr>';
|
||||
echo '<th>' . __('Source database') . ': ' . $src_db . '<br />(';
|
||||
echo '<th>' . __('Source database') . ': ' . htmlspecialchars($src_db) . '<br />(';
|
||||
if ('cur' == $_SESSION['src_type']) {
|
||||
echo __('Current server');
|
||||
} else {
|
||||
@@ -1358,7 +1358,7 @@ function PMA_syncDisplayHeaderSource($src_db) {
|
||||
function PMA_syncDisplayHeaderTargetAndMatchingTables($trg_db, $matching_tables) {
|
||||
echo '<table id="serverstatusconnections" class="data" width="43%">';
|
||||
echo '<tr>';
|
||||
echo '<th>' . __('Target database') . ': '. $trg_db . '<br />(';
|
||||
echo '<th>' . __('Target database') . ': '. htmlspecialchars($trg_db) . '<br />(';
|
||||
if ('cur' == $_SESSION['trg_type']) {
|
||||
echo __('Current server');
|
||||
} else {
|
||||
|
Reference in New Issue
Block a user