Permalink
Browse files

[security] XSS in a Designer component

  • Loading branch information...
1 parent 9155163 commit 625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d @lem9 lem9 committed Oct 30, 2008
Showing with 5 additions and 1 deletion.
  1. +3 −0 ChangeLog
  2. +2 −1 pmd_pdf.php
View
@@ -11,6 +11,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- [core] do not automatically set and create TempDir, it might lead to security
issue (thanks to Thijs Kinkhorst)
+2.11.9.3 (2008-10-30)
+- [security] XSS in a Designer component
+
2.11.9.2 (2008-09-22)
- [security] XSS in MSIE using NUL byte, thanks to JPCERT.
View
@@ -60,7 +60,8 @@
<body>
<br>
<div style="text-align:center; font-weight:bold;">
- <form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
+ <form name="form1" method="post" action="pmd_pdf.php">
+<?php echo PMA_generate_common_hidden_inputs($db); ?>
<p><?php echo $strExportImportToScale; ?>:
<select name="scale">
<option value="1">1:1</option>

0 comments on commit 625e9f2

Please sign in to comment.