Fix XSS in DB_search.php

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Jan 18, 2016 · 75a5582 · 75a5582
1 parent dbb2673
commit 75a5582
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/libraries/DbSearch.class.php b/libraries/DbSearch.class.php
@@ -344,7 +344,8 @@ private function _getResultsRow($each_table, $newsearchsqls, $odd_row, $res_cnt)
             $browse_result_path = 'sql.php' . PMA_URL_getCommon($this_url_params);
             $html_output .= '<td><a name="browse_search" class="ajax" href="'
                 . $browse_result_path . '" onclick="loadResult(\''
-                . $browse_result_path . '\',\'' . $each_table . '\',\''
+                . $browse_result_path . '\',\''
+                . PMA_escapeJsString(htmlspecialchars($each_table)) . '\',\''
                 . PMA_URL_getCommon(
                     array(
                         'db' => $GLOBALS['db'], 'table' => $each_table