Fix XSS vulnerability in central columns feature
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Feb 19, 2018
1 parent 571097b commit d2886a3
Showing 2 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions ChangeLog
Expand Up @@ -5,6 +5,7 @@ phpMyAdmin - ChangeLog
- issue #13914 Fixed resetting default setting values.
- issue #13758 Fixed fallback value for collation connection.
- issue #13938 Fixed error handling in PHP 7.2
- issue [security] Fix XSS in Central Columns Feature, See PMASA-2018-01

4.7.7 (2017-12-23)
- issue #13865 Fixed displaying of formatted numeric values for some locales
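Review bot: The added ChangeLog line `- issue [security] Fix XSS in Central Columns Feature, See PMASA-2018-01` is worded differently from the entries around it, which carry an issue number and use the past tense ("Fixed ..."). Consider "Fixed XSS in central columns feature, see PMASA-2018-01" so the entry reads like its neighbours; the `[security]` tag and the advisory ID can stay as they are.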
4 changes: 3 additions & 1 deletion db_central_columns.php
Expand Up @@ -90,7 +90,9 @@
parse_str($_POST['col_name'], $col_name);
$tmp_msg = PMA_deleteColumnsFromList($col_name['selected_fld'], false);
}
if (isset($_REQUEST['total_rows']) && $_REQUEST['total_rows']) {
if (!empty($_REQUEST['total_rows'])
&& PMA_isValid($_REQUEST['total_rows'], 'integer')
) {
$total_rows = $_REQUEST['total_rows'];
} else {
$total_rows = PMA_getCentralColumnsCount($db);
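Review bot: After the new `PMA_isValid($_REQUEST['total_rows'], 'integer')` check passes, `$total_rows = $_REQUEST['total_rows'];` still assigns the raw request value. Assigning `(int) $_REQUEST['total_rows']` would make the integer guarantee hold at the assignment itself, independent of how the validator treats numeric strings. The place where `$total_rows` is written into the page is outside this hunk, so it is worth confirming that the value is also escaped there, so the XSS fix does not rest on this one input check.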