Skip to content

Commit 647c9d1

Browse files
madhuracjMarc Delisle
authored and
Marc Delisle
committed
bug #4501 [security] XSS in table browse page
Signed-off-by: Marc Delisle <marc@infomarc.info>
1 parent 0cd293f commit 647c9d1

File tree

2 files changed

+2
-1
lines changed

2 files changed

+2
-1
lines changed

Diff for: ChangeLog

+1
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ phpMyAdmin - ChangeLog
22
======================
33

44
4.2.7.1 (2014-08-17)
5+
- bug #4501 [security] XSS in table browse page
56
- bug #4505 [security] XSS in view operations page
67

78
4.2.7.0 (2014-07-31)

Diff for: js/sql.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ AJAX.registerOnload('sql.js', function () {
119119
// Delete row from SQL results
120120
$('a.delete_row.ajax').live('click', function (e) {
121121
e.preventDefault();
122-
var question = $.sprintf(PMA_messages.strDoYouReally, $(this).closest('td').find('div').text());
122+
var question = $.sprintf(PMA_messages.strDoYouReally, escapeHtml($(this).closest('td').find('div').text()));
123123
var $link = $(this);
124124
$link.PMA_confirm(question, $link.attr('href'), function (url) {
125125
$msgbox = PMA_ajaxShowMessage();

0 commit comments

Comments
 (0)