Fix designer #13191

Merged
merged 1 commit into from Apr 28, 2017

@udan11 udan11 commented Apr 14, 2017

Use this query to create a database and then click on the Designer link.

CREATE DATABASE IF NOT EXISTS `"'"><iframe onload=alert(1)>` 
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
USE `"'"><iframe onload=alert(1)>`;
CREATE TABLE `"'"><iframe onload=alert(1)>` (
  `"'"><iframe onload=alert(1)>` int(11) NOT NULL,
  `data` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
ALTER TABLE `"'"><iframe onload=alert(1)>`
  ADD PRIMARY KEY (`"'"><iframe onload=alert(1)>`);
ALTER TABLE `"'"><iframe onload=alert(1)>`
  MODIFY `"'"><iframe onload=alert(1)>` int(11) NOT NULL AUTO_INCREMENT;

Previously, it was using the htmlspecialchars(tbl_name) instead of the
real table name.

Signed-off-by: Dan Ungureanu <udan1107@gmail.com>
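
The commit message above describes using the htmlspecialchars() form of a table name where the real name was needed. As an added illustration (not phpMyAdmin's code and not part of this pull request; every function name and the metadata array are hypothetical), this PHP shows why the escaped form fails as a lookup key and why escaping belongs only at the point of HTML output:

```php
<?php
// Added illustration; all names here are hypothetical, not phpMyAdmin code.

// Constructed sample: the identifier from the reproduction query above.
const RAW_NAME = '"\'"><iframe onload=alert(1)>';

// Metadata keyed by the real table name, as a server would return it.
function sampleTables(): array
{
    return [RAW_NAME => ['columns' => [RAW_NAME, 'data']]];
}

// Escape only when emitting HTML. ENT_QUOTES also encodes the single
// quote, so the value is safe in either attribute quoting style.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Mistake: the escaped form is treated as the identifier, so the key
// no longer matches the real table name.
function lookupWithEscapedName(array $tables, string $name): ?array
{
    return $tables[htmlspecialchars($name)] ?? null;
}

// Correct: the real name is the key; every output position is escaped.
function renderTableBox(array $tables, string $name): string
{
    $meta = $tables[$name] ?? null;
    if ($meta === null) {
        return '';
    }
    $html = '<div class="tab" data-table="' . h($name) . '">';
    $html .= '<strong>' . h($name) . '</strong><ul>';
    foreach ($meta['columns'] as $col) {
        $html .= '<li>' . h($col) . '</li>';
    }
    return $html . '</ul></div>';
}

$tables = sampleTables();
// Does the escaped key miss the real entry?
var_dump(lookupWithEscapedName($tables, RAW_NAME) === null);
$out = renderTableBox($tables, RAW_NAME);
// Is the rendered box free of live markup taken from the name?
var_dump(strpos($out, '<iframe') === false);
echo $out, PHP_EOL;
```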

codecov bot commented Apr 14, 2017

Codecov Report

Merging #13191 into QA_4_7 will not change coverage.
The diff coverage is 0%.

@@           Coverage Diff           @@
##           QA_4_7   #13191   +/-   ##
=======================================
  Coverage   54.39%   54.39%           
=======================================
  Files         466      466           
  Lines       69311    69311           
=======================================
  Hits        37703    37703           
  Misses      31608    31608

Last update a05bbd5...bd2543d.

@nijel nijel merged commit 2227f33 into phpmyadmin:QA_4_7 Apr 28, 2017
@nijel nijel self-assigned this Apr 28, 2017
@nijel nijel added this to the 4.7.1 milestone Apr 28, 2017

nijel commented Apr 28, 2017

Merged, thanks for your contribution!
