The branch, master has been updated
via f57daa0a59a0058a4b3be1bbdf1577b59d7d697a (commit)
from acf2e0a0340bfca162120c08b29f85e763cf08a5 (commit)
- Log -----------------------------------------------------------------
commit f57daa0a59a0058a4b3be1bbdf1577b59d7d697a
Author: Herman van Rink <[email protected]>
Date: Wed Jan 26 11:36:10 2011 +0100
Fix XSS problem, regression in the 3.4 branch.
Dev releases until -beta2 are vulnerable.
Thanks to Aung Khant from YGN Ethical Hacker Group (http://yehg.net/) for
reporting this issue.
-----------------------------------------------------------------------
Summary of changes:
libraries/header.inc.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libraries/header.inc.php b/libraries/header.inc.php
index 6ce37b8..dee9b15 100644
--- a/libraries/header.inc.php
+++ b/libraries/header.inc.php
@@ -121,7 +121,7 @@ if (!$GLOBALS['is_ajax_request']) {
printf($item,
$GLOBALS['cfg']['DefaultTabDatabase'],
PMA_generate_common_url($GLOBALS['db']),
- $GLOBALS['db'],
+ htmlspecialchars($GLOBALS['db']),
__('Database'),
's_tbl.png');
// if the table is being dropped, $_REQUEST['purge'] is set
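Review bot: the new `htmlspecialchars($GLOBALS['db'])` argument relies on the default flags, which on PHP versions before 8.1 means ENT_COMPAT, so single quotes in the database name pass through unescaped. The `$item` format string is not visible in this hunk; if any of its placeholders for this argument sits inside a single-quoted attribute, the fix is incomplete. Suggest `htmlspecialchars($GLOBALS['db'], ENT_QUOTES)` so the call is safe regardless of how `$item` quotes its attributes. The trailing comment indicates table handling follows this call; if the table name is printed through the same `$item` format, it should get the same escaping. Since the commit message calls this a regression, a test that renders this header with a database name containing `<`, `"` and `'` would keep it from returning.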
hooks/post-receive
--
phpMyAdmin
_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git