[security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
@@ -11,6 +11,7 @@ phpMyAdmin - ChangeLog
|
||||
- bug #3452506 [edit] Unable to move tables with triggers
|
||||
- bug #3449659 [navi] Fast filter broken with table tree
|
||||
- bug #3448485 [GUI] Firefox favicon frameset regression
|
||||
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
|
||||
|
||||
3.4.8.0 (2011-12-01)
|
||||
- bug #3425230 [interface] enum data split at space char (more space to edit)
|
||||
|
@@ -150,10 +150,10 @@ if(isset($_GET['sql_query'])) {
|
||||
echo '<label for ="radio_allrows_0">' . __('Dump some row(s)') . '</label>'; ?>
|
||||
<ul>
|
||||
<li><label for="limit_to"><?php echo __('Number of rows:') . '</label> <input type="text" id="limit_to" name="limit_to" size="5" value="'
|
||||
. ((isset($_GET['limit_to'])) ? $_GET['limit_to'] : ((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table))))
|
||||
. ((isset($_GET['limit_to'])) ? htmlspecialchars($_GET['limit_to']) : ((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table))))
|
||||
. '" onfocus="this.select()" />' ?></li>
|
||||
<li><label for="limit_from"><?php echo __('Row to begin at:') . '</label> <input type="text" id="limit_from" name="limit_from" value="'
|
||||
. ((isset($_GET['limit_from'])) ? $_GET['limit_from'] : '0')
|
||||
. ((isset($_GET['limit_from'])) ? htmlspecialchars($_GET['limit_from']) : '0')
|
||||
. '" size="5" onfocus="this.select()" />'; ?></li>
|
||||
</ul>
|
||||
</li>
|
||||
@@ -242,7 +242,7 @@ if(isset($_GET['sql_query'])) {
|
||||
<?php
|
||||
echo ' value="';
|
||||
if(isset($_GET['filename_template'])) {
|
||||
echo $_GET['filename_template'];
|
||||
echo htmlspecialchars($_GET['filename_template']);
|
||||
} else {
|
||||
if ($export_type == 'database') {
|
||||
echo htmlspecialchars($GLOBALS['PMA_Config']->getUserValue(
|
||||
|
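Review bot: In the second hunk, `limit_to` and `limit_from` are row counts, but the new code only HTML-escapes them, so any string is still accepted. An array-valued parameter also passes `isset()` and would make `htmlspecialchars()` raise a warning or a type error, depending on the PHP version. A type check before echoing would be tighter, e.g. `. ((isset($_GET['limit_from']) && is_numeric($_GET['limit_from'])) ? htmlspecialchars($_GET['limit_from']) : '0')`, with the same guard on `limit_to` and an `is_string()` check on `filename_template` in the last hunk. The escaping itself looks adequate for these three sinks because each value lands in a double-quoted attribute, which the default flags cover. Both hunks sit inside a larger template that starts and ends outside the visible lines, so any other request parameters echoed there are not covered by this note.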