
bug #4563 [security] XSS in monitor query analyzer

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Oct 21, 2014
1 parent bd68c54 commit 7b8962dede7631298c81e2c1cd267b81f1e08a8c
Showing with 3 additions and 2 deletions.
  1. +1 −0 ChangeLog
  2. +2 −2 js/server_status_monitor.js
@@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog

4.2.10.1 (not yet released)
- bug #4562 [security] XSS in debug SQL output
- bug #4563 [security] XSS in monitor query analyzer

4.2.10.0 (2014-10-11)
- bug #4361 Can't change font size (when config.inc.php not present)
@@ -1855,7 +1855,7 @@ AJAX.registerOnload('server_status_monitor.js', function () {
if (name == 'user_host') {
return value.replace(/(\[.*?\])+/g, '');
}
return value;
return escapeHtml(value);
};

for (var i = 0, l = rows.length; i < l; i++) {
@@ -2011,7 +2011,7 @@ AJAX.registerOnload('server_status_monitor.js', function () {
for (i = 0, l = data.explain.length; i < l; i++) {
explain += '<div class="explain-' + i + '"' + (i > 0 ? 'style="display:none;"' : '') + '>';
$.each(data.explain[i], function (key, value) {
value = (value === null) ? 'null' : value;
value = (value === null) ? 'null' : escapeHtml(value);

if (key == 'type' && value.toLowerCase() == 'all') {
value = '<span class="attention">' + value + '</span>';
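Review bot: In the first hunk (near line 1855) the `user_host` branch still returns `value.replace(/(\[.*?\])+/g, '')` unescaped, so the new `escapeHtml` call covers only the fall-through path. The sink is outside the hunk, but if this return value is written into the page as markup like the other columns, a user or host string containing HTML metacharacters would pass through unchanged; consider `return escapeHtml(value.replace(/(\[.*?\])+/g, ''));`. The enclosing function starts before the hunk, so any earlier branches need the same check. In the second hunk only `value` is escaped; if `key` from `data.explain[i]` is also concatenated into `explain` in the lines that follow, it should be escaped as well.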
