bug #4486 [security] XSS injection due to unescaped table comment

Signed-off-by: Marc Delisle <marc@infomarc.info>
phpmyadmin · Jul 11, 2014 · 5747537 · 5747537
1 parent 9a79d87
commit 5747537
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -11,6 +11,7 @@ phpMyAdmin - ChangeLog
 - bug #4485 Sorting breaks the copy column feature
 - bug #4440 Javascript error when renaming table
 - bug #4483 'New window' link (selflink) disappears, causing Javascript error
+- bug #4486 [security] XSS injection due to unescaped table comment
 
 4.2.5.0 (2014-06-26)
 - bug #4467 shell_exec() has been disabled for security reasons

diff --git a/libraries/structure.lib.php b/libraries/structure.lib.php
@@ -53,7 +53,8 @@ function PMA_getHtmlForActionLinks($current_table, $table_is_view, $tbl_url_quer
     $search_table .= '</a>';
 
     $browse_table_label = '<a href="sql.php?' . $tbl_url_query
-        . '&amp;pos=0" title="' . $current_table['TABLE_COMMENT'] . '">'
+        . '&amp;pos=0" title="'
+        . htmlspecialchars($current_table['TABLE_COMMENT']) . '">'
         . $truename . '</a>';
 
     if (!$db_is_system_schema) {