
Merge remote-tracking branch 'origin/QA_3_5' into QA_3_5

2 parents cbbb8b4 + b6ae26a commit 0d2ef03eab802db7476e95a0ebd97cb9b774b134 @weblate weblate committed Apr 1, 2013
Showing with 3 additions and 2 deletions.
  1. +1 −0 ChangeLog
  2. +2 −2 tbl_gis_visualization.php
@@ -6,6 +6,7 @@ phpMyAdmin - ChangeLog
- bug #3854 Incorrect header for Safari 6.0
- bug #3705 Attempt to open trigger for edit gives NULL
- Use HTML5 DOCTYPE
+- [security] Self-XSS on GIS visualisation page, reported by Janek Vind
3.5.7.0 (2013-02-15)
- bug #3779 [core] Problem with backslash in enum fields
@@ -110,7 +110,7 @@
<?php echo PMA_generate_common_hidden_inputs($url_params); ?>
<fieldset>
<legend><?php echo __('Display GIS Visualization'); ?></legend>
- <div id="placeholder" style="width:<?php echo($visualizationSettings['width']); ?>px;height:<?php echo($visualizationSettings['height']); ?>px;">
+ <div id="placeholder" style="width:<?php echo htmlspecialchars($visualizationSettings['width']); ?>px;height:<?php echo htmlspecialchars($visualizationSettings['height']); ?>px;">
<?php echo $visualization; ?>
</div>
<div id="openlayersmap"></div>
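Review bot: The width and height values written into the `style` attribute of the `#placeholder` div are HTML-escaped but not constrained to numbers. `htmlspecialchars()` keeps the value from closing the double-quoted attribute, but it leaves CSS syntax such as `;` and `:` untouched, so a non-numeric setting can still add declarations to the inline style. Both values are followed by `px`, so an integer cast is stricter and simpler: `<?php echo intval($visualizationSettings['width']); ?>`, and the same for `'height'`. Where `$visualizationSettings` is populated lies outside this hunk, so if it is already validated as an integer upstream, the cast is only defence in depth.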
@@ -202,4 +202,4 @@ function drawOpenLayers() {
*/
require './libraries/footer.inc.php';
-?>
+?>
