
Commit 2a3b739

bug #4598 [security] XSS in multi submit
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
1 parent 80cd40b commit 2a3b739

2 files changed

+5
-3
lines changed


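--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,7 @@ phpMyAdmin - ChangeLog
 - bug #4578 [security] XSS vulnerability in table print view
 - bug #4579 [security] XSS vulnerability in zoom search page
 - bug #4594 [security] Path traversal in file inclusion of GIS factory
+- bug #4598 [security] XSS in multi submit
 
 4.2.11.0 (2014-10-31)
 - bug ReferenceError: Table_onover is not defined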

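--- a/libraries/mult_submits.lib.php
+++ b/libraries/mult_submits.lib.php
@@ -554,13 +554,14 @@ function PMA_getQueryFromSelected($what, $db, $table, $selected, $action, $views
 foreach ($selected as $sval) {
 switch ($what) {
 case 'row_delete':
-$full_query .= 'DELETE FROM ' . PMA_Util::backquote($db)
-. '.' . PMA_Util::backquote($table)
+$full_query .= 'DELETE FROM '
+. PMA_Util::backquote(htmlspecialchars($db))
+. '.' . PMA_Util::backquote(htmlspecialchars($table))
 // Do not append a "LIMIT 1" clause here
 // (it's not binlog friendly).
 // We don't need the clause because the calling panel permits
 // this feature only when there is a unique index.
-. ' WHERE ' . urldecode($sval)
+. ' WHERE ' . urldecode(htmlspecialchars($sval))
 . ';<br />';
 break;
 case 'drop_db':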
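Review bot: The new WHERE line escapes before it decodes, so `urldecode(htmlspecialchars($sval))` still lets a URL-encoded payload such as `%3Cscript%3E` through untouched: htmlspecialchars sees only `%3C`, and the following urldecode turns it back into a literal `<` in `$full_query`, which the `';<br />'` suffix shows is rendered as HTML. The two calls should be swapped so the escape runs on the decoded text, `. ' WHERE ' . htmlspecialchars(urldecode($sval))`. Also, on PHP versions older than 5.4 htmlspecialchars defaults to ENT_COMPAT and leaves single quotes unescaped, so passing `ENT_QUOTES` explicitly would be safer if this string can land in an attribute context; I cannot confirm the output context from this hunk. If `$full_query` is ever used for anything other than display (the hunk does not show its consumers), HTML-escaping the `$db`/`$table` identifiers inside backquote() would corrupt names containing `&`, `<`, `>` or `"` — worth verifying against the callers. PMA_getQueryFromSelected starts before and continues after this hunk.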
