Escape HTML in js-generated confirmation messages

This commit is contained in:
Marc Delisle
2011-09-08 15:38:40 -04:00
parent 2f28ce9c80
commit bda213c58a
3 changed files with 17 additions and 5 deletions

View File

@@ -11,6 +11,8 @@ phpMyAdmin - ChangeLog
- [export] Remove native Excel export modules (xls and xlsx formats)
- [import] Remove native Excel import modules (xls and xlsx formats)
- bug #3392920 [edit] BLOB emptied after editing another column
- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
- [security] Fixed XSS with db/table/column names, see PMASA-2011-14
3.4.4.0 (2011-08-24)
- bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
@@ -31,7 +33,6 @@ phpMyAdmin - ChangeLog
- bug #3374347 [display] Backquotes in normal text on import page
- bug #3358750 [core] With Suhosin, urls are too long in edit links
- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
- [security] Fixed XSS in Inline Edit on save action
3.4.3.2 (2011-07-23)
- [security] Fixed XSS vulnerability, see PMASA-2011-9