nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix XSS with $cfg['SQP']['fmtType'] = 'text'.

Browse Source
This commit is contained in:
Michal Čihař
2010-08-20 10:38:32 +02:00
parent b337f45a0a
commit d2e0e09e0d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/sqlparser.lib.php
View File

@@ -2456,7 +2456,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
}
$after .= "\n";
*/
$str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
$str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
} // end for
if ($mode=='color') {
$str .= '</span>';