
Security patch for Designer and Designer visual mode

Closes: phpmyadmin-security#286
Ref: CVE-2019-18622
Ref: PMASA-2019-5

Signed-off-by: William Desportes <williamdes@wdes.fr>
williamdes committed Oct 28, 2019
1 parent 2adf0ba commit ff541af95d7155d8dd326f331b5e248fea8e7111
Showing with 4 additions and 3 deletions.
  1. +1 −1 js/designer/move.js
  2. +3 −2 templates/database/designer/database_tables.twig
@@ -576,7 +576,7 @@ function addTableToTablesList (index, table_dom) {
' />' +
' </td>' +
' <td class="designer_Tabs"' +
' designer_url_table_name="' + db_encoded + '.' + table_encoded + '">' + db + '.' + table + '</td>' +
' designer_url_table_name="' + db_encoded + '.' + table_encoded + '">' + $('<div/>').text(db + '.' + table).html() + '</td>' +
'</tr>');
$('#id_scroll_tab table').first().append($new_table_line);
$($new_table_line).find('.scroll_tab_struct').click(function () {
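Review bot: The `$('<div/>').text(...).html()` idiom on the changed line encodes `<`, `>` and `&` but leaves quote characters alone, so it is safe here only because the value lands in element content. The `designer_url_table_name` attribute on the same line depends on `db_encoded` and `table_encoded`, which are defined outside this hunk, so their encoding should be confirmed to cover `"`. Because the row is still assembled by string concatenation, a short comment would keep the idiom from being copied into an attribute later, e.g. `// text().html() escapes for element content only; do not reuse inside a quoted attribute`. Building the cell with `$('<td>').text(db + '.' + table)` and appending it would remove the manual escaping altogether. addTableToTablesList starts and ends outside the hunk.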
@@ -50,7 +50,7 @@
table_name="{{ t_n_url }}"
query_set="{{ has_query ? 1 : 0 }}">
<span class="owner">{{ designerTable.getDatabaseName() }}</span>
{{ designerTable.getTableName()|raw }}
{{ designerTable.getTableName() }}
</td>
{% if has_query %}
<td class="tab_zag tab_zag_query"
@@ -122,7 +122,8 @@
</td>
{% if has_query %}
<td class="small_tab_pref small_tab_pref_click_opt"
option_col_name_modal="<strong>{{ 'Add an option for column "%s".'|trans|format(col_name) }}</strong>"
{# Escaped 2 times to be able to use it in innerHtml #}
option_col_name_modal="<strong>{{ 'Add an option for column "%s".'|trans|format(col_name)|escape('html')|escape('html') }}</strong>"
db_name="{{ db }}"
table_name="{{ table_name }}"
col_name="{{ col_name }}"
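Review bot: The double `|escape('html')` on `option_col_name_modal` in the last hunk is correct only while the consumer reads the attribute and assigns it through innerHTML, and that consumer is not visible in this commit. If the script later switches to a text assignment, users will see literal entities; if another decoding step is added, the markup injection returns. The Twig comment should name both decoding steps and the script that reads the attribute, along the lines of `{# Escaped twice: the HTML parser decodes the attribute once, then the designer JS assigns it via innerHTML, which decodes it again; keep both in sync #}`. A regression test that renders a column name containing markup characters and checks the modal text would pin the contract. The `<td>` tag continues past the end of the hunk.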
