Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix #14548 [security] HTML injection in import warning messages
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
  • Loading branch information
madhuracj committed Aug 18, 2018
1 parent 95732c7 commit 00d90b3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions ChangeLog
Expand Up @@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
- issue #14554 Icon missing when creating a new trigger, routine, and event
- issue #14422 Table comment not showing since 4.8.1
- issue #14426 Drop table doesn't work when you copy tables to another database
- issue #14548 [security] HTML injection in import warning messages

4.8.2 (2018-06-21)
- issue #14370 WHERE 0 causes Fatal error
Expand Down
2 changes: 1 addition & 1 deletion libraries/classes/Sql.php
Expand Up @@ -2257,7 +2257,7 @@ public function executeQueryAndGetQueryResponse(array $analyzed_sql_results,
Util::handleDisableFKCheckCleanup($default_fk_check);

foreach ($warning_messages as $warning) {
$message = Message::notice($warning);
$message = Message::notice(Message::sanitize($warning));
$html_output .= $message->getDisplay();
}

Expand Down

0 comments on commit 00d90b3

Please sign in to comment.