blob: 164a072ef8e451a62ea84ea143d9a070d0828899 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001
From: Madhura Jayaratne <madhura.cj@gmail.com>
Date: Sun, 17 Aug 2014 08:41:57 -0400
Subject: [PATCH] bug #4505 [security] XSS in view operations page
Upstream-Status: Backport
Signed-off-by: Marc Delisle <marc@infomarc.info>
---
ChangeLog | 3 +++
js/functions.js | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 7afac1a..cec9d77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
phpMyAdmin - ChangeLog
======================
+4.2.7.1 (2014-08-17)
+- bug #4505 [security] XSS in view operations page
+
4.2.7.0 (2014-07-31)
- bug Broken links on home page
- bug #4494 Overlap in navigation panel
diff --git a/js/functions.js b/js/functions.js
index 09bfeda..a970a81 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () {
var question = PMA_messages.strDropTableStrongWarning + ' ';
question += $.sprintf(
PMA_messages.strDoYouReally,
- 'DROP VIEW ' + PMA_commonParams.get('table')
+ 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table'))
);
$(this).PMA_confirm(question, $(this).attr('href'), function (url) {
--
1.7.10.4
|
