The branch, MAINT_3_4_5 has been updated
       via  bda213c58aec44925be661acb0e76c19483ea170 (commit)
      from  2f28ce9c800274190418da0945ce3647d36e1db6 (commit)


- Log -----------------------------------------------------------------
commit bda213c58aec44925be661acb0e76c19483ea170
Author: Marc Delisle <[email protected]>
Date:   Thu Sep 8 15:38:40 2011 -0400

    Escape HTML in js-generated confirmation messages

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog           |    3 ++-
 js/functions.js     |   15 +++++++++++++--
 js/tbl_structure.js |    4 ++--
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1376169..326c8c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ phpMyAdmin - ChangeLog
 - [export] Remove native Excel export modules (xls and xlsx formats)
 - [import] Remove native Excel import modules (xls and xlsx formats)
 - bug #3392920 [edit] BLOB emptied after editing another column
+- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
+- [security] Fixed XSS with db/table/column names, see PMASA-2011-14 
 
 3.4.4.0 (2011-08-24)
 - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed 
quotes
@@ -31,7 +33,6 @@ phpMyAdmin - ChangeLog
 - bug #3374347 [display] Backquotes in normal text on import page
 - bug #3358750 [core] With Suhosin, urls are too long in edit links
 - [security] Missing sanitization on the table, column and index names leads 
to XSS vulnerabilities, see PMASA-2011-13
-- [security] Fixed XSS in Inline Edit on save action
 
 3.4.3.2 (2011-07-23)
 - [security] Fixed XSS vulnerability, see PMASA-2011-9
diff --git a/js/functions.js b/js/functions.js
index 75fd677..b076661 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -172,7 +172,7 @@ function selectContent( element, lock, only_once ) {
 }
 
 /**
- * Displays a confirmation box before to submit a "DROP/DELETE/ALTER" query.
+ * Displays a confirmation box before submitting a "DROP/DELETE/ALTER" query.
  * This function is called while clicking links
  *
  * @param   object   the link
@@ -1657,7 +1657,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for 
confirmation
          */
-        var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + 
PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + window.parent.db;
+        var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + 
PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + 
escapeHtml(window.parent.db);
 
         $(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
 
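Review bot: The escaping is applied one call site at a time (here on `window.parent.db`, and in the two js/tbl_structure.js hunks on `curr_table_name` and `curr_column_name`), so any other caller that builds a question from a database object name and hands it to PMA_confirm stays unescaped. Since `$(this).PMA_confirm(question, $(this).attr('href'), function(url) {` is the common sink in every one of these hunks, escaping inside PMA_confirm, or inserting the question with a text setter instead of as HTML, would cover all callers at once; PMA_confirm's body is not in this diff, so how it currently renders the question has to be checked there. If it already treats the question as text, the new call-site escaping will double-encode names containing `&`, `<` or quotes and the dialog will show `&amp;` literally. The enclosing $(document).ready handler starts and ends outside the hunk.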
@@ -2287,3 +2287,14 @@ $(document).ready(function() {
 
 }) // end of $(document).ready()
 
+/**
+ * HTML escaping
+ */
+function escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}
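Review bot: `escapeHtml` assumes `unsafe` is a string; a null or undefined argument (for example if `window.parent.db` is ever unset where the new caller runs) throws a TypeError on the first `.replace`, and a numeric argument throws as well. Coercing first, `return String(unsafe == null ? '' : unsafe)` before the replacement chain, keeps the helper safe for every caller added in this commit. The replacement order itself is correct: `&` is handled first, so the entities introduced by the later steps are not re-escaped. The header comment could also state the contract with `@param {string} unsafe` and `@return {string}`, matching the JSDoc style used for selectContent elsewhere in functions.js.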
diff --git a/js/tbl_structure.js b/js/tbl_structure.js
index 352848c..493f0eb 100644
--- a/js/tbl_structure.js
+++ b/js/tbl_structure.js
@@ -44,7 +44,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for 
confirmation
          */
-        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + 
curr_table_name + '` DROP `' + curr_column_name + '`';
+        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + 
escapeHtml(curr_table_name) + '` DROP `' + escapeHtml(curr_column_name) + '`';
 
         $(this).PMA_confirm(question, $(this).attr('href'), function(url) {
 
@@ -83,7 +83,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for 
confirmation
          */
-        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + 
curr_table_name + '` ADD PRIMARY KEY(`' + curr_column_name + '`)';
+        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + 
escapeHtml(curr_table_name) + '` ADD PRIMARY KEY(`' + 
escapeHtml(curr_column_name) + '`)';
 
         $(this).PMA_confirm(question, $(this).attr('href'), function(url) {
 

