Escape HTML in js-generated confirmation messages
This commit is contained in:
@@ -11,6 +11,8 @@ phpMyAdmin - ChangeLog
|
||||
- [export] Remove native Excel export modules (xls and xlsx formats)
|
||||
- [import] Remove native Excel import modules (xls and xlsx formats)
|
||||
- bug #3392920 [edit] BLOB emptied after editing another column
|
||||
- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
|
||||
- [security] Fixed XSS with db/table/column names, see PMASA-2011-14
|
||||
|
||||
3.4.4.0 (2011-08-24)
|
||||
- bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
|
||||
@@ -31,7 +33,6 @@ phpMyAdmin - ChangeLog
|
||||
- bug #3374347 [display] Backquotes in normal text on import page
|
||||
- bug #3358750 [core] With Suhosin, urls are too long in edit links
|
||||
- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
|
||||
- [security] Fixed XSS in Inline Edit on save action
|
||||
|
||||
3.4.3.2 (2011-07-23)
|
||||
- [security] Fixed XSS vulnerability, see PMASA-2011-9
|
||||
|
Reference in New Issue
Block a user