bug #4492 [security] XSS in AJAX confirmation messages
Signed-off-by: Marc Delisle <marc@infomarc.info>
lem9 committed Jul 17, 2014
1 parent 61a9484 commit 29a1f56
Showing 3 changed files with 4 additions and 2 deletions.
1 change: 1 addition & 0 deletions ChangeLog
Expand Up @@ -15,6 +15,7 @@ phpMyAdmin - ChangeLog
- bug #4459 First few characters of database name aren't clickable when expanded
- bug #4486 [security] XSS injection due to unescaped table comment
- bug #4488 [security] XSS injection due to unescaped table name (triggers)
- bug #4492 [security] XSS in AJAX confirmation messages

4.2.5.0 (2014-06-26)
- bug #4467 shell_exec() has been disabled for security reasons
4 changes: 2 additions & 2 deletions js/functions.js
Expand Up @@ -3548,7 +3548,7 @@ AJAX.registerOnload('functions.js', function () {
var question = PMA_messages.strDropTableStrongWarning + ' ';
question += $.sprintf(
PMA_messages.strDoYouReally,
'DROP TABLE ' + PMA_commonParams.get('table')
'DROP TABLE ' + escapeHtml(PMA_commonParams.get('table'))
);

$(this).PMA_confirm(question, $(this).attr('href'), function (url) {
Expand Down Expand Up @@ -3614,7 +3614,7 @@ AJAX.registerOnload('functions.js', function () {
var question = PMA_messages.strTruncateTableStrongWarning + ' ';
question += $.sprintf(
PMA_messages.strDoYouReally,
'TRUNCATE ' + PMA_commonParams.get('table')
'TRUNCATE ' + escapeHtml(PMA_commonParams.get('table'))
);
$(this).PMA_confirm(question, $(this).attr('href'), function (url) {
PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
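Review bot: The fix is applied per call site, at `'DROP TABLE ' + escapeHtml(PMA_commonParams.get('table'))` and the matching `TRUNCATE` line, while the assembled `question` is still handed to `PMA_confirm` as an HTML string, so any other handler that builds a confirmation from `PMA_commonParams.get('table')` or `get('db')` the same way remains injectable unless it was patched separately, which this hunk cannot show. A sturdier shape is to have `PMA_confirm` (or a small helper used by all callers) escape the interpolated identifier once, so a future call site cannot forget it. At minimum I would record the intent next to the escape: `// table name is user-controlled; escape it before PMA_confirm renders the question as HTML`. The `AJAX.registerOnload('functions.js', …)` callback enclosing both hunks starts and ends outside them, and `escapeHtml` is assumed to be the project helper rather than shown here.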
1 change: 1 addition & 0 deletions js/tbl_structure.js
Expand Up @@ -198,6 +198,7 @@ AJAX.registerOnload('tbl_structure.js', function () {
* @var curr_column_name String containing name of the field referred to by {@link curr_row}
*/
var curr_column_name = $curr_row.children('th').children('label').text();
curr_column_name = escapeHtml(curr_column_name);
/**
* @var $after_field_item Corresponding entry in the 'After' field.
*/
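Review bot: Reassigning `curr_column_name = escapeHtml(curr_column_name);` right after the `.text()` read replaces the value for every later use of the variable, not only the one rendered as HTML; the `$after_field_item` lookup documented just below it, and any comparison of the name against option values or other `.text()` output, would then mismatch for column names containing `&`, `<`, `>` or `"`, and a consumer that already escapes would double-escape. Those downstream uses lie outside the hunk, so this is inferred from the surrounding `@var` comments rather than shown. The safer form is to leave `var curr_column_name = $curr_row.children('th').children('label').text();` unescaped and apply `escapeHtml(curr_column_name)` only where the name is interpolated into markup; if the pre-escaped variable is kept instead, the comment above it should say so, e.g. `@var curr_column_name String containing the HTML-escaped name of the field referred to by {@link curr_row}`. The enclosing `AJAX.registerOnload('tbl_structure.js', …)` handler starts and ends outside the hunk.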
