Fix #14548 [security] HTML injection in import warning messages

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Aug 18, 2018
1 parent 95732c7 commit 00d90b3ae415b31338f76263359467a9fbebd0a1
Showing with 2 additions and 1 deletion.
  1. +1 −0 ChangeLog
  2. +1 −1 libraries/classes/Sql.php
@@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
- issue #14554 Icon missing when creating a new trigger, routine, and event
- issue #14422 Table comment not showing since 4.8.1
- issue #14426 Drop table doesn't work when you copy tables to another database
- issue #14548 [security] HTML injection in import warning messages

4.8.2 (2018-06-21)
- issue #14370 WHERE 0 causes Fatal error
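Review bot: The added ChangeLog line for issue #14548 carries the [security] tag but names only the symptom, with nothing a downstream packager could match against a published advisory. If an advisory is issued for this fix, add its identifier to this entry; apart from that the line follows the format of the surrounding entries.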
@@ -2257,7 +2257,7 @@ public function executeQueryAndGetQueryResponse(array $analyzed_sql_results,
Util::handleDisableFKCheckCleanup($default_fk_check);
foreach ($warning_messages as $warning) {
$message = Message::notice($warning);
$message = Message::notice(Message::sanitize($warning));
$html_output .= $message->getDisplay();
}
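Review bot: Escaping is applied only at this one render site, inside the foreach over $warning_messages, and the commit (2 additions, 1 deletion, ChangeLog and Sql.php only) carries no test showing the output is now escaped. Add a regression test that passes a warning containing markup such as <b> through executeQueryAndGetQueryResponse and asserts that the rendered output contains the escaped form. Also confirm that $warning is not already escaped where it is collected, so that Message::sanitize($warning) does not double-encode legitimate text, and consider a one-line comment above the call stating that import warning text is untrusted so the call is not dropped in a later cleanup.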
