bug #4579 [security] XSS vulnerability in zoom search page

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Nov 20, 2014 · 1bc04ec · 1bc04ec
1 parent d32da34
commit 1bc04ec
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -16,6 +16,7 @@ phpMyAdmin - ChangeLog
 - bug #4596 [security] XSS through exception stack
 - bug #4595 [security] Path traversal can lead to leakage of line count
 - bug #4578 [security] XSS vulnerability in table print view
+- bug #4579 [security] XSS vulnerability in zoom search page
 
 4.2.11.0 (2014-10-31)
 - bug       ReferenceError: Table_onover is not defined

diff --git a/tbl_zoom_select.php b/tbl_zoom_select.php
@@ -81,7 +81,7 @@
     }
     $key = array_search($field, $table_search->getColumnNames());
     $properties = $table_search->getColumnProperties($_REQUEST['it'], $key);
-    $response->addJSON('field_type', $properties['type']);
+    $response->addJSON('field_type', htmlspecialchars($properties['type']));
     $response->addJSON('field_collation', $properties['collation']);
     $response->addJSON('field_operators', $properties['func']);
     $response->addJSON('field_value', $properties['value']);