XSS in MSIE using NUL byte, thanks to JPCERT.
This commit is contained in:
Michal Čihař
@@ -88,6 +88,9 @@ danbarry
|
|||||||
+ [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
|
+ [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
|
||||||
- bug #2113848 [navi] Page number after database switching
|
- bug #2113848 [navi] Page number after database switching
|
||||||
|
|
||||||
|
2.11.9.2 (2008-09-22)
|
||||||
|
- [security] XSS in MSIE using NUL byte, thanks to JPCERT.
|
||||||
|
|
||||||
2.11.9.1 (2008-09-15)
|
2.11.9.1 (2008-09-15)
|
||||||
- [security] Code execution vulnerability, thanks to Norman Hippert
|
- [security] Code execution vulnerability, thanks to Norman Hippert
|
||||||
|
|
||||||
|
|||||||
@@ -46,6 +46,10 @@ function PMA_jsFormat($a_string = '', $add_backquotes = true)
|
|||||||
* enclosed by <![CDATA[ ... ]]>
|
* enclosed by <![CDATA[ ... ]]>
|
||||||
* this requires only to escape ' with \' and end of script block
|
* this requires only to escape ' with \' and end of script block
|
||||||
*
|
*
|
||||||
|
* We also remove NUL byte as some browsers (namely MSIE) ignore it and
|
||||||
|
* it and inserting it anywhere inside </script would allow to pass this
|
||||||
|
* check.
|
||||||
|
*
|
||||||
* @uses strtr()
|
* @uses strtr()
|
||||||
* @uses preg_replace()
|
* @uses preg_replace()
|
||||||
* @param string $string the string to be escaped
|
* @param string $string the string to be escaped
|
||||||
@@ -55,6 +59,7 @@ function PMA_escapeJsString($string)
|
|||||||
{
|
{
|
||||||
return preg_replace('@</script@i', '</\' + \'script',
|
return preg_replace('@</script@i', '</\' + \'script',
|
||||||
strtr($string, array(
|
strtr($string, array(
|
||||||
|
"\000" => '',
|
||||||
'\\' => '\\\\',
|
'\\' => '\\\\',
|
||||||
'\'' => '\\\'',
|
'\'' => '\\\'',
|
||||||
"\n" => '\n',
|
"\n" => '\n',
|
||||||
|
|||||||
Reference in New Issue
Block a user