Commit 00d90b3

Fix #14548 [security] HTML injection in import warning messages
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
1 parent 95732c7 commit 00d90b3

2 files changed, +2 -1 lines changed

Diff for: ChangeLog

+1
@@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
2020
- issue #14554 Icon missing when creating a new trigger, routine, and event
2121
- issue #14422 Table comment not showing since 4.8.1
2222
- issue #14426 Drop table doesn't work when you copy tables to another database
23+
- issue #14548 [security] HTML injection in import warning messages
2324

2425
4.8.2 (2018-06-21)
2526
- issue #14370 WHERE 0 causes Fatal error

Diff for: libraries/classes/Sql.php

+1-1
@@ -2257,7 +2257,7 @@ public function executeQueryAndGetQueryResponse(array $analyzed_sql_results,
22572257
Util::handleDisableFKCheckCleanup($default_fk_check);
22582258

22592259
foreach ($warning_messages as $warning) {
2260-
$message = Message::notice($warning);
2260+
$message = Message::notice(Message::sanitize($warning));
22612261
$html_output .= $message->getDisplay();
22622262
}
22632263
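
Review bot: The changed line inside the `foreach ($warning_messages as $warning)` loop sanitizes each warning only at this one output point, and the commit adds no test for it (the two files changed are ChangeLog and Sql.php). Please add a regression test that passes a warning containing markup such as `<b>` through `executeQueryAndGetQueryResponse` and asserts that the result of `getDisplay()` contains it only in escaped form. It is also worth confirming that no other code path hands `$warning_messages` to `Message::notice()` or appends them to `$html_output` without `Message::sanitize()`, and that none of the import warnings is expected to carry intentional HTML, since after this change it would be displayed as literal text.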
