nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] Self-XSS on column type (Create index), see PMASA-2011-18

Browse Source
This commit is contained in:
Rouslan Placella
2011-11-22 12:38:22 -05:00
committed by Marc Delisle
parent 1490533d91
commit bc45a1048d
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog
- [interface] Avoid showing the password in phpinfo()'s output - [interface] Avoid showing the password in phpinfo()'s output
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18 - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18 - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
- [security] Self-XSS on column type (Create index), see PMASA-2011-18
3.4.7.1 (2011-11-10) 3.4.7.1 (2011-11-10)
- [security] Fixed possible local file inclusion in XML import - [security] Fixed possible local file inclusion in XML import

4
tbl_indexes.php
View File

@@ -200,7 +200,7 @@ foreach ($index->getColumns() as $column) {
|| preg_match('/(char|text)/i', $field_type)) { || preg_match('/(char|text)/i', $field_type)) {
echo '<option value="' . htmlspecialchars($field_name) . '"' echo '<option value="' . htmlspecialchars($field_name) . '"'
. (($field_name == $column->getName()) ? ' selected="selected"' : '') . '>' . (($field_name == $column->getName()) ? ' selected="selected"' : '') . '>'
. htmlspecialchars($field_name) . ' [' . $field_type . ']' . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
. '</option>' . "\n"; . '</option>' . "\n";
} }
} // end foreach $fields } // end foreach $fields
@@ -222,7 +222,7 @@ for ($i = 0; $i < $add_fields; $i++) {
<?php <?php
foreach ($fields as $field_name => $field_type) { foreach ($fields as $field_name => $field_type) {
echo '<option value="' . htmlspecialchars($field_name) . '">' echo '<option value="' . htmlspecialchars($field_name) . '">'
. htmlspecialchars($field_name) . ' [' . $field_type . ']' . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
. '</option>' . "\n"; . '</option>' . "\n";
} // end foreach $fields } // end foreach $fields
?> ?>