Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[security] Fix stored XSS in link transformation plugin, see PMASA-20…
…13-13
  • Loading branch information
ruleant committed Jul 28, 2013
1 parent b9c814e commit e0c8704
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
1 change: 1 addition & 0 deletions ChangeLog
Expand Up @@ -10,6 +10,7 @@ phpMyAdmin - ChangeLog
- [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13

4.0.4.1 (2013-06-30)
- [security] Global variables scope injection vulnerability (see PMASA-2013-7)
Expand Down
Expand Up @@ -53,8 +53,10 @@ public function applyTransformation($buffer, $options = array(), $meta = '')
$transform_options = array (
'string' => '<a href="'
. PMA_linkURL((isset($options[0]) ? $options[0] : '') . $append_part)
. '" title="' . (isset($options[1]) ? $options[1] : '')
. '" target="_new">' . (isset($options[1]) ? $options[1] : $buffer)
. '" title="'
. htmlspecialchars(isset($options[1]) ? $options[1] : '')
. '" target="_new">'
. htmlspecialchars(isset($options[1]) ? $options[1] : $buffer)
. '</a>'
);

Expand Down

0 comments on commit e0c8704

Please sign in to comment.