Missing sanitization on the table, column and index names leads to XS…

…S vulnerabilities, see PMASA-2011-13
phpmyadmin · Aug 19, 2011 · c793755 · c793755
1 parent a5716cb
commit c793755
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
+3.3.10.4 (not yet released)
+- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
+
 3.3.10.3 (2011-07-23)
 - [security] Fixed XSS vulnerability, see PMASA-2011-9
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12

diff --git a/db_datadict.php b/db_datadict.php
@@ -70,7 +70,7 @@
         echo '<div>' . "\n";
     }
 
-    echo '<h2>' . $table . '</h2>' . "\n";
+    echo '<h2>' . htmlspecialchars($table) . '</h2>' . "\n";
 
     /**
      * Gets table informations