bug #4563 [security] XSS in monitor query analyzer
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Oct 21, 2014
1 parent f989e2a commit 0092f60
Showing 2 changed files with 3 additions and 2 deletions.
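--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog
 
 4.1.14.6 (not yet released)
 - bug #4562 [security] XSS in debug SQL output
+- bug #4563 [security] XSS in monitor query analyzer
 
 4.1.14.5 (2014-10-01)
 - bug #4544 [security] XSS vulnerabilities in table search and table structure pages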
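--- a/js/server_status_monitor.js
+++ b/js/server_status_monitor.js
@@ -1824,7 +1824,7 @@ AJAX.registerOnload('server_status_monitor.js', function () {
 if (name == 'user_host') {
 return value.replace(/(\[.*?\])+/g, '');
 }
-return value;
+return escapeHtml(value);
 };
 
 for (var i = 0, l = rows.length; i < l; i++) {
@@ -1980,7 +1980,7 @@ AJAX.registerOnload('server_status_monitor.js', function () {
 for (i = 0, l = data.explain.length; i < l; i++) {
 explain += '<div class="explain-' + i + '"' + (i > 0 ? 'style="display:none;"' : '') + '>';
 $.each(data.explain[i], function (key, value) {
-value = (value === null) ? 'null' : value;
+value = (value === null) ? 'null' : escapeHtml(value);
 
 if (key == 'type' && value.toLowerCase() == 'all') {
 value = '<span class="attention">' + value + '</span>';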
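Review bot: The `user_host` branch in the first hunk still returns its value unescaped: `return value.replace(/(\[.*?\])+/g, '');` strips bracketed segments but does no HTML encoding, so only the fall-through path gets the new `escapeHtml`. The call sites are outside the hunk, but if this formatter's result is inserted into the page as markup, as the fix to the other return suggests, the user/host column of the log stays an unescaped path into the DOM. I would change that line to `return escapeHtml(value.replace(/(\[.*?\])+/g, ''));` so both returns encode their output. The enclosing function begins above the hunk, so its name and callers should be confirmed against the full file.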
