Skip to content

Commit 3ffc967

Browse files
madhuracjMarc Delisle
authored and
Marc Delisle
committed
bug #4517 [security] XSS in relation view
Signed-off-by: Marc Delisle <marc@infomarc.info>
1 parent 90ddeec commit 3ffc967

File tree

2 files changed

+2
-1
lines changed

2 files changed

+2
-1
lines changed

Diff for: ChangeLog

+1
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ phpMyAdmin - ChangeLog
77
- bug #4503 [security] Self-XSSes in monitor
88
- bug #4504 [security] Self-XSS in query charts
99
- bug #4505 [security] XSS in view operations page
10+
- bug #4517 [security] XSS in relation view
1011

1112
4.2.7.0 (2014-07-31)
1213
- bug Broken links on home page

Diff for: libraries/tbl_relation.lib.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -554,7 +554,7 @@ function PMA_getHtmlForForeignKey($save_row, $i, $existrel_foreign, $myfield, $d
554554
$html_output .= __('Constraint name');
555555
$html_output .= '<input type="text" name="constraint_name['
556556
. $myfield_md5 . ']"'
557-
. ' value="' . $constraint_name . '"/>';
557+
. ' value="' . htmlspecialchars($constraint_name) . '"/>';
558558
$html_output .= '</span>' . "\n";
559559

560560
$html_output .= '<span class="formelement clearfloat">';

0 commit comments

Comments
 (0)