
bug #4562 [security] XSS in debug SQL output

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Oct 21, 2014
1 parent 319aac3 commit bd68c54d1beeef79d237e8bfda44690834012a76
Showing with 6 additions and 2 deletions.
  1. +3 −0 ChangeLog
  2. +3 −2 libraries/DatabaseInterface.class.php
@@ -1,6 +1,9 @@
phpMyAdmin - ChangeLog
======================
4.2.10.1 (not yet released)
- bug #4562 [security] XSS in debug SQL output
4.2.10.0 (2014-10-11)
- bug #4361 Can't change font size (when config.inc.php not present)
- bug #4542 Tab key in column name not shown
@@ -139,10 +139,11 @@ private function _dbgQuery($query, $link, $result, $time)
$_SESSION['debug']['queries'][$hash] = array();
if ($result == false) {
$_SESSION['debug']['queries'][$hash]['error']
= '<b style="color:red">' . mysqli_error($link) . '</b>';
= '<b style="color:red">'
. htmlspecialchars(mysqli_error($link)) . '</b>';
}
$_SESSION['debug']['queries'][$hash]['count'] = 1;
$_SESSION['debug']['queries'][$hash]['query'] = $query;
$_SESSION['debug']['queries'][$hash]['query'] = htmlspecialchars($query);
$_SESSION['debug']['queries'][$hash]['time'] = $time;
}
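Review bot: The two `htmlspecialchars()` calls on the `['error']` and `['query']` assignments escape when the value is stored in `$_SESSION['debug']['queries'][$hash]`, not when it is rendered, so the session now holds HTML-encoded strings. Any consumer that re-escapes these fields will double-encode them, and any consumer that uses the stored query as plain text will see `&lt;` and `&amp;` entities. Consider storing the raw `$query` and `mysqli_error($link)` and escaping in the code that prints the debug output, or at least add a comment here stating that both fields are pre-escaped HTML. Both calls also rely on the default flags and charset; passing `ENT_QUOTES` and an explicit `'UTF-8'` would make the result independent of the PHP defaults and would also cover single quotes if either value is ever placed inside an attribute.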
