The branch, MAINT_2_11_11 has been updated
       via  21f624a26574fd45c043ddd27bf5a190b80c2757 (commit)
       via  e1f4901ffc400b6d2df15eac0ba5015fe48a27c4 (commit)
      from  e6aeaf1925be0804e068d50b8c193d8b13f80ced (commit)


- Log -----------------------------------------------------------------
commit 21f624a26574fd45c043ddd27bf5a190b80c2757
Author: Marc Delisle <[email protected]>
Date:   Fri Nov 26 08:51:46 2010 -0500

    ChangeLog for XSS search

commit e1f4901ffc400b6d2df15eac0ba5015fe48a27c4
Author: Herman van Rink <[email protected]>
Date:   Thu Nov 25 11:50:50 2010 +0100

    bug #3115519: fixed XSS on search

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |    3 +++
 libraries/common.lib.php |    2 +-
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ff8b9dd..6cb1ab2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: 
https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog
 $
 
+2.11.11.1 (2010-11-26)
+- bug #3115519 (private) [security] XSS on db search
+
 2.11.11.0 (2010-09-07)
 - [core] Fix broken cleanup of $_GET
 - bug #3054458 [core] Fixed displaying number of rows.
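Review bot: the new 2.11.11.1 entry identifies the fix only by bug #3115519, which the entry itself marks as private, so a reader of the ChangeLog cannot learn more than "XSS on db search". Consider naming the changed code, PMA_linkOrButton in libraries/common.lib.php, so the entry stands on its own for anyone auditing which releases carry the fix.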
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 716af94..4dcbe8e 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1644,7 +1644,7 @@ function PMA_linkOrButton($url, $message, $tag_params = 
array(),
         $tmp = $tag_params;
         $tag_params = array();
         if (!empty($tmp)) {
-            $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . 
'\')';
+            $tag_params['onclick'] = 'return confirmLink(this, \'' . 
PMA_escapeJsString($tmp) . '\')';
         }
         unset($tmp);
     }
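Review bot: on the added line, PMA_escapeJsString($tmp) covers only the JavaScript string context, but the result is stored in $tag_params['onclick'], which is an HTML attribute, and the hunk does not show how $tag_params is later written into the tag. Please confirm that the attribute value is also HTML-encoded when it is written out (for example with htmlspecialchars), since a value that is safe inside the quoted JS string can still break out of the attribute if a double quote or an HTML entity survives. A short comment on this line stating which layer does which encoding would keep the two steps from being merged or dropped later.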


hooks/post-receive
-- 
phpMyAdmin

_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git
