[security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
commit 1490533d91e9d3820e78ca4eac7981886eaea2cb 1 parent b289fe0
@lem9 lem9 authored
Showing with 2 additions and 1 deletion.
  1. +1 −0  ChangeLog
  2. +1 −1  js/db_operations.js
1  ChangeLog
@@ -20,6 +20,7 @@ phpMyAdmin - ChangeLog
- bug #3425156 [interface] Add column after drop
- [interface] Avoid showing the password in phpinfo()'s output
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
+- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
3.4.7.1 (2011-11-10)
- [security] Fixed possible local file inclusion in XML import
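Review bot: The added entry repeats the Synchronize entry directly above it word for word apart from the page name, so PMASA-2011-18 is listed twice in the same block above 3.4.7.1. Consider folding both into one line, for example "[security] Self-XSS on database names (Synchronize, Operations/rename), see PMASA-2011-18", or keep them separate only if each fix is meant to be traceable to its own commit.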
2  js/db_operations.js
@@ -32,7 +32,7 @@ $(document).ready(function() {
var $form = $(this);
- var question = 'CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db;
+ var question = escapeHtml('CREATE DATABASE ' + $('#new_db_name').val() + ' / DROP DATABASE ' + window.parent.db);
PMA_prepareForAjaxRequest($form);
/**
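Review bot: escapeHtml() is applied on the line that builds `question`, but the code that renders `question` is outside this hunk, so these lines do not show whether the value is later inserted as HTML or as text. If any consumer treats it as text or escapes it again, a name containing & or < will be displayed double-encoded; escaping at the point of insertion, or a comment on this line stating that `question` now holds HTML-safe text, would make the contract explicit. Wrapping the whole concatenation does cover both `$('#new_db_name').val()` and `window.parent.db`, which is right since both are database names. Also confirm that escapeHtml is loaded on the Operations page, since this commit changes only ChangeLog and js/db_operations.js and does not add it.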