bug #4597 [security] XSS through pma_fontsize cookie

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Nov 20, 2014 · 2ffdbf2 · 2ffdbf2
1 parent 2a3b739
commit 2ffdbf2
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -19,6 +19,7 @@ phpMyAdmin - ChangeLog
 - bug #4579 [security] XSS vulnerability in zoom search page
 - bug #4594 [security] Path traversal in file inclusion of GIS factory
 - bug #4598 [security] XSS in multi submit
+- bug #4597 [security] XSS through pma_fontsize cookie
 
 4.2.11.0 (2014-10-31)
 - bug       ReferenceError: Table_onover is not defined

diff --git a/libraries/Config.class.php b/libraries/Config.class.php
@@ -1761,7 +1761,7 @@ static protected function getFontsizeSelection()
         // for the case when there is no config file (this is supported)
         if (empty($current_size)) {
             if (isset($_COOKIE['pma_fontsize'])) {
-                $current_size = $_COOKIE['pma_fontsize'];
+                $current_size = htmlspecialchars($_COOKIE['pma_fontsize']);
             } else {
                 $current_size = '82%';
             }

diff --git a/libraries/Theme.class.php b/libraries/Theme.class.php
@@ -434,7 +434,7 @@ function getFontSize()
             return $fs;
         }
         if (isset($_COOKIE['pma_fontsize'])) {
-            return $_COOKIE['pma_fontsize'];
+            return htmlspecialchars($_COOKIE['pma_fontsize']);
         }
         return '82%';
     }