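--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,7 @@ phpMyAdmin - ChangeLog
 - bug #4579 [security] XSS vulnerability in zoom search page
 - bug #4594 [security] Path traversal in file inclusion of GIS factory
 - bug #4598 [security] XSS in multi submit
+- bug #4597 [security] XSS through pma_fontsize cookie
 
 4.2.11.0 (2014-10-31)
 - bug ReferenceError: Table_onover is not defined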
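--- a/PATH_NOT_ON_PAGE/file-containing-getFontsizeSelection.php
+++ b/PATH_NOT_ON_PAGE/file-containing-getFontsizeSelection.php
@@ -1761,7 +1761,7 @@ static protected function getFontsizeSelection()
 // for the case when there is no config file (this is supported)
 if (empty ($ current_size )) {
 if (isset ($ _COOKIE ['pma_fontsize ' ])) {
-$ current_size = $ _COOKIE ['pma_fontsize ' ];
+$ current_size = htmlspecialchars ( $ _COOKIE ['pma_fontsize ' ]) ;
 } else {
 $ current_size = '82% ' ;
 }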
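Review bot: Encoding the cookie with htmlspecialchars() at the point it is read (the `+` line at 1764, and again in getFontSize() in the next file section) only covers an HTML-text or double-quoted-attribute context; with the default flags single quotes are left alone on older PHP, and a value that is later placed into a CSS rule, a single-quoted attribute or a JavaScript string is not made safe by entity encoding. Because the value is a font size, an allowlist with fallback to the existing default is the tighter fix and keeps the returned value usable in every context: `$cookie_size = $_COOKIE['pma_fontsize'];` then `$current_size = preg_match('/\A\d+(?:\.\d+)?(?:px|pt|em|%)\z/', $cookie_size) ? $cookie_size : '82%';`, with output encoding kept at the rendering site. Where $current_size is used afterwards is outside this hunk, so whether it reaches a non-HTML context is inferred rather than visible here. getFontsizeSelection() begins and ends outside the hunk.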
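--- a/PATH_NOT_ON_PAGE/file-containing-getFontSize.php
+++ b/PATH_NOT_ON_PAGE/file-containing-getFontSize.php
@@ -434,7 +434,7 @@ function getFontSize()
 return $ fs ;
 }
 if (isset ($ _COOKIE ['pma_fontsize ' ])) {
-return $ _COOKIE ['pma_fontsize ' ];
+return htmlspecialchars ( $ _COOKIE ['pma_fontsize ' ]) ;
 }
 return '82% ' ;
 }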