
Fix for Empty and Drop vulnerabilities on db Structure and Operations…

…, see PMASA-2012-4
lem9 committed Aug 9, 2012
1 parent 50d1a48 commit ee306681d0d5ac09b6fc62a7d573020af083e856
Showing with 4 additions and 4 deletions.
  1. +2 −2 js/db_structure.js
  2. +2 −2 js/functions.js
@@ -276,7 +276,7 @@ $(document).ready(function() {
/**
* @var question String containing the question to be asked for confirmation
*/
var question = 'TRUNCATE ' + curr_table_name;
var question = 'TRUNCATE ' + escapeHtml(curr_table_name);

$this_anchor.PMA_confirm(question, $this_anchor.attr('href'), function(url) {

@@ -335,7 +335,7 @@ $(document).ready(function() {
} else {
question += 'TABLE';
}
question += ' ' + curr_table_name;
question += ' ' + escapeHtml(curr_table_name);

$this_anchor.PMA_confirm(question, $this_anchor.attr('href'), function(url) {
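Review bot: The escaping is applied at each call site rather than where `question` is rendered, so nothing in these handlers tells the next caller of `PMA_confirm` that its first argument is treated as markup. The TRUNCATE and DROP hunks here, and the two in js/functions.js, all rely on the same unstated contract, and callers outside this diff are not visible, so they may still pass raw identifiers. I would extend the existing doc comment to state it, e.g. `@var question HTML string shown in the confirmation; identifiers such as table names must go through escapeHtml()`. Longer term, escaping inside `PMA_confirm` (or having it set text rather than HTML) would remove the per-caller burden, but its body is outside this diff. Both handlers start and end outside the hunks shown.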

@@ -3342,7 +3342,7 @@ $(document).ready(function() {
/**
* @var question String containing the question to be asked for confirmation
*/
var question = PMA_messages['strDropTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP TABLE ' + window.parent.table;
var question = PMA_messages['strDropTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP TABLE ' + escapeHtml(window.parent.table);

$(this).PMA_confirm(question, $(this).attr('href') ,function(url) {

@@ -3373,7 +3373,7 @@ $(document).ready(function() {
/**
* @var question String containing the question to be asked for confirmation
*/
var question = PMA_messages['strTruncateTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'TRUNCATE TABLE ' + window.parent.table;
var question = PMA_messages['strTruncateTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'TRUNCATE TABLE ' + escapeHtml(window.parent.table);

$(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
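Review bot: Only `window.parent.table` is escaped in the DROP TABLE and TRUNCATE TABLE questions; the `PMA_messages[...]` entries are concatenated into the same string unescaped. That is fine if those messages are already HTML-safe when the server emits them, but this is not visible here and should be stated next to the concatenation, e.g. `// question is rendered as HTML: PMA_messages entries are expected to be HTML-safe, the table name is escaped here`. The `'\n'` separators also suggest the string was written for a plain-text prompt, so it is worth confirming that the line breaks still display as intended once the text is treated as markup. Both handlers continue past the end of their hunks.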
