Merge remote branch 'upstream/master'

phpmyadmin · Aug 12, 2012 · 054fab3 · 054fab3
2 parents fde2a58 + 7bf3fe0
commit 054fab3
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 5 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -61,6 +61,9 @@ VerboseMultiSubmit, ReplaceHelpImg
 - bug #3540922 [edit] Error searching table with many fields
 - bug #3555104 [edit] Cannot copy a DB with table & views
 
+3.5.2.2 (2012-08-12)
+- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
+
 3.5.2.1 (2012-08-03)
 - [security] Fixed local path disclosure vulnerability, see PMASA-2012-3
 
@@ -178,6 +181,9 @@ VerboseMultiSubmit, ReplaceHelpImg
 - bug #3497151 [interface] Duplicate inline query edit box
 - bug #3504567 [mime] Description of the transformation missing in the tooltip
 
+3.4.11.1 (2012-08-12)
+- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
+
 3.4.11.0 (2012-04-14)
 - bug #3486970 [import] Exception on XML import
 - bug #3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names in navigation

diff --git a/js/tbl_gis_visualization.js b/js/tbl_gis_visualization.js
@@ -298,7 +298,7 @@ $(function() {
      */
     $('.polygon, .multipolygon, .point, .multipoint, .linestring, .multilinestring, '
             + '.geometrycollection').live('mousemove', function(event) {
-        contents = $.trim($(this).attr('name'));
+        contents = $.trim(escapeHtml($(this).attr('name')));
         $("#tooltip").remove();
         if (contents != '') {
             $('<div id="tooltip">' + contents + '</div>').css({

diff --git a/libraries/rte/rte_triggers.lib.php b/libraries/rte/rte_triggers.lib.php
@@ -100,8 +100,12 @@ function PMA_TRI_handleEditor()
                 // 'Add a new item' mode
                 $result = PMA_DBI_try_query($item_query);
                 if (! $result) {
-                    $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br /><br />'
-                                      . __('MySQL said: ') . PMA_DBI_getError(null);
+                    $errors[] = sprintf(
+                        __('The following query has failed: "%s"'),
+                        htmlspecialchars($item_query)
+                    )
+                    . '<br /><br />'
+                    . __('MySQL said: ') . PMA_DBI_getError(null);
                 } else {
                     $message = PMA_Message::success(__('Trigger %1$s has been created.'));
                     $message->addParam(PMA_CommonFunctions::getInstance()->backquote($_REQUEST['item_name']));
@@ -325,7 +329,9 @@ function PMA_TRI_getEditorForm($mode, $item)
         } else if ($mode == 'edit' && $value == $item['item_table']) {
             $selected = " selected='selected'";
         }
-        $retval .= "            <option$selected>$value</option>\n";
+        $retval .= "<option$selected>";
+        $retval .= htmlspecialchars($value);
+        $retval .= "</option>\n";
     }
     $retval .= "        </select>\n";
     $retval .= "    </td>\n";

diff --git a/po/th.po b/po/th.po
@@ -3376,12 +3376,18 @@ msgid ""
 "A variable-length (%s) string, the effective maximum length is subject to "
 "the maximum row size"
 msgstr ""
+"คุณคงไม่ได้สร้างแฟ้มการกำหนดค่า คุณอาจต้องการใช้ %1$ssetup script%2$s "
+"เพื่อสร้างอย่างใดอย่างหนึ่ง"
 
 #: libraries/Types.class.php:333
 msgid ""
 "A TEXT column with a maximum length of 255 (2^8 - 1) characters, stored with "
 "a one-byte prefix indicating the length of the value in bytes"
 msgstr ""
+"phpMyAdmin พยายามเชื่อมต่อไปยังเซิร์ฟเวอร์ MySQL "
+"และเซิร์ฟเวอร์ได้ปฏิเสธการเชื่อมต่อดังกล่าว คุณควรตรวจสอบโฮสต์ "
+"ชื่อผู้ใช้และรหัสผ่านในการกำหนดค่าของคุณ และให้แน่ใจว่าค่าต่างๆ "
+"สอดคล้องกับข้อมูลที่กำหนดไว้ โดยผู้ดูแลระบบของเซิร์ฟเวอร์ MySQL แล้ว"
 
 #: libraries/Types.class.php:335 libraries/Types.class.php:731
 msgid ""

diff --git a/tbl_create.php b/tbl_create.php
@@ -277,7 +277,9 @@
             $new_table_string .= '<td class="center"> <input type="checkbox" id="checkbox_tbl_" name="selected_tbl[]" value="'.htmlspecialchars($table).'" /> </td>' . "\n";
 
             $new_table_string .= '<th>';
-            $new_table_string .= '<a href="sql.php' . PMA_generate_common_url($tbl_url_params) . '">'. $table . '</a>';
+            $new_table_string .= '<a href="sql.php'
+                . PMA_generate_common_url($tbl_url_params) . '">'
+                . htmlspecialchars($table) . '</a>';
 
             if (PMA_Tracker::isActive()) {
                 $truename = str_replace(' ', '&nbsp;', htmlspecialchars($table));