2 files changed, +10 -1 lines changed
@@ -16,6 +16,7 @@ phpMyAdmin - ChangeLog
1616- bug #4486 [security] XSS injection due to unescaped table comment
1717- bug #4488 [security] XSS injection due to unescaped table name (triggers)
1818- bug #4492 [security] XSS in AJAX confirmation messages
19+ - bug #4491 [security] Missing validation for accessing User groups feature
1920
20214.2.5.0 (2014-06-26)
2122- bug #4467 shell_exec() has been disabled for security reasons
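Review bot: the new entry for bug #4491 is placed after #4492, while the security entries above it run in ascending bug-number order (#4486, #4488, #4492); move it up one line so it sits between #4488 and #4492.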
2020$ scripts = $ header ->getScripts ();
2121$ scripts ->addFile ('server_user_groups.js ' );
2222
23+ /**
24+ * Only allowed to superuser
25+ */
26+ if (! $ GLOBALS ['is_superuser ' ]) {
27+ $ response ->addHTML (PMA_Message::error (__ ('No Privileges ' ))->getDisplay ());
28+ exit ;
29+ }
30+
2331$ response ->addHTML ('<div> ' );
2432$ response ->addHTML (PMA_getHtmlForSubMenusOnUsersPage ('server_user_groups.php ' ));
2533
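Review bot: the superuser check is added after `$scripts->addFile('server_user_groups.js')`, so the header and script setup above it still runs for a user who is about to be refused; place the check ahead of that setup, as early in the script as possible. The condition `! $GLOBALS['is_superuser']` fails closed when the key is unset, but it raises an undefined-index notice in that case; `empty($GLOBALS['is_superuser'])` gives the same result without the notice. The bare `exit;` right after `addHTML()` also deserves a one-line comment saying what sends the error message to the client, since nothing in this hunk does so explicitly.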
6169}
6270
6371$ response ->addHTML ('</div> ' );
64- ?>
72+ ?>
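Review bot: the removed and added lines at the end of the file both read `?>`, so this is a whitespace or end-of-file newline change that has nothing to do with the privilege check; leave it out of the security fix, or move it to a separate cleanup commit so the fix stays minimal and easy to backport.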