Permalink
Browse files
Security patch for Designer and Designer visual mode
Closes: phpmyadmin-security#286
Ref: CVE-2019-18622
Ref: PMASA-2019-5
Signed-off-by: William Desportes <williamdes@wdes.fr>
- Loading branch information
Showing
with
4 additions
and
3 deletions.
-
+1
−1
js/designer/move.js
-
+3
−2
templates/database/designer/database_tables.twig
|
|
@@ -576,7 +576,7 @@ function addTableToTablesList (index, table_dom) { |
|
|
' />' + |
|
|
' </td>' + |
|
|
' <td class="designer_Tabs"' + |
|
|
' designer_url_table_name="' + db_encoded + '.' + table_encoded + '">' + db + '.' + table + '</td>' + |
|
|
' designer_url_table_name="' + db_encoded + '.' + table_encoded + '">' + $('<div/>').text(db + '.' + table).html() + '</td>' + |
|
|
'</tr>'); |
|
|
$('#id_scroll_tab table').first().append($new_table_line); |
|
|
$($new_table_line).find('.scroll_tab_struct').click(function () { |
|
|
|
|
|
@@ -50,7 +50,7 @@ |
|
|
table_name="{{ t_n_url }}" |
|
|
query_set="{{ has_query ? 1 : 0 }}"> |
|
|
<span class="owner">{{ designerTable.getDatabaseName() }}</span> |
|
|
{{ designerTable.getTableName()|raw }} |
|
|
{{ designerTable.getTableName() }} |
|
|
</td> |
|
|
{% if has_query %} |
|
|
<td class="tab_zag tab_zag_query" |
|
|
@@ -122,7 +122,8 @@ |
|
|
</td> |
|
|
{% if has_query %} |
|
|
<td class="small_tab_pref small_tab_pref_click_opt" |
|
|
option_col_name_modal="<strong>{{ 'Add an option for column "%s".'|trans|format(col_name) }}</strong>" |
|
|
{# Escaped 2 times to be able to use it in innerHtml #} |
|
|
option_col_name_modal="<strong>{{ 'Add an option for column "%s".'|trans|format(col_name)|escape('html')|escape('html') }}</strong>" |
|
|
db_name="{{ db }}" |
|
|
table_name="{{ table_name }}" |
|
|
col_name="{{ col_name }}" |
|
|
|
0 comments on commit
ff541af