bug #4563 [security] XSS in monitor query analyzer
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Oct 18, 2014
1 parent 57594fe commit a150ea1
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions ChangeLog
@@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog

4.0.10.5 (not yet released)
- bug #4562 [security] XSS in debug SQL output
- bug #4563 [security] XSS in monitor query analyzer

4.0.10.4 (2014-10-01)
- bug #4544 [security] XSS vulnerabilities in table search and table structure pages
4 changes: 2 additions & 2 deletions js/server_status_monitor.js
@@ -1991,7 +1991,7 @@ AJAX.registerOnload('server_status_monitor.js', function() {
case 'user_host':
return value.replace(/(\[.*?\])+/g, '');
}
return value;
return escapeHtml(value);
};

for (var i = 0, l = rows.length; i < l; i++) {
@@ -2144,7 +2144,7 @@ AJAX.registerOnload('server_status_monitor.js', function() {
for (var i = 0, l = data.explain.length; i < l; i++) {
explain += '<div class="explain-' + i + '"' + (i>0? 'style="display:none;"' : '' ) + '>';
$.each(data.explain[i], function(key, value) {
value = (value == null)?'null':value;
value = (value == null)?'null': escapeHtml(value);

if (key == 'type' && value.toLowerCase() == 'all') {
value = '<span class="attention">' + value + '</span>';
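Review bot: The `case 'user_host':` branch in the first hunk still returns `value.replace(/(\[.*?\])+/g, '')` without escaping, so only values that fall through to the final `return escapeHtml(value);` are HTML-encoded. If this formatter's result is inserted into the page as markup the same way as the default path (the insertion code is outside the hunk, so this is inferred), that column needs the same treatment: `return escapeHtml(value.replace(/(\[.*?\])+/g, ''));`. The enclosing function starts above the hunk, so any earlier `case` branches that return early should be checked for the same gap.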
