authorMarc Delisle <marc@infomarc.info>2011-09-08 23:38:40 +0400
committerMarc Delisle <marc@infomarc.info>2011-09-08 23:38:40 +0400
commitbda213c58aec44925be661acb0e76c19483ea170 (patch)
treec5bfaaf7b16a54f121dd1e5a4b8b38486eace561
parent2f28ce9c800274190418da0945ce3647d36e1db6 (diff)
Escape HTML in js-generated confirmation messages RELEASE_3_4_5RC1
-rw-r--r--ChangeLog3
-rw-r--r--js/functions.js15
-rw-r--r--js/tbl_structure.js4
3 files changed, 17 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 137616921f..326c8c0ff5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ phpMyAdmin - ChangeLog
- [export] Remove native Excel export modules (xls and xlsx formats)
- [import] Remove native Excel import modules (xls and xlsx formats)
- bug #3392920 [edit] BLOB emptied after editing another column
+- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
+- [security] Fixed XSS with db/table/column names, see PMASA-2011-14
3.4.4.0 (2011-08-24)
- bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
@@ -31,7 +33,6 @@ phpMyAdmin - ChangeLog
- bug #3374347 [display] Backquotes in normal text on import page
- bug #3358750 [core] With Suhosin, urls are too long in edit links
- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
-- [security] Fixed XSS in Inline Edit on save action
3.4.3.2 (2011-07-23)
- [security] Fixed XSS vulnerability, see PMASA-2011-9
diff --git a/js/functions.js b/js/functions.js
index 75fd6776d3..b076661869 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -172,7 +172,7 @@ function selectContent( element, lock, only_once ) {
}
/**
- * Displays a confirmation box before to submit a "DROP/DELETE/ALTER" query.
+ * Displays a confirmation box before submitting a "DROP/DELETE/ALTER" query.
* This function is called while clicking links
*
* @param object the link
@@ -1657,7 +1657,7 @@ $(document).ready(function() {
/**
* @var question String containing the question to be asked for confirmation
*/
- var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + window.parent.db;
+ var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + escapeHtml(window.parent.db);
$(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
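Review bot: The escaped database name is concatenated into `question` and handed to PMA_confirm, so HTML-entity escaping is only the right transformation if PMA_confirm renders the message as HTML (for example via jQuery's .html()); if it inserts a text node or falls back to window.confirm, a database name containing `&`, `<` or `'` will be shown to the user with literal `&amp;`-style entities. PMA_confirm is not in this diff, so this cannot be verified here; a comment at the call site such as `// escapeHtml() because PMA_confirm renders the question as HTML` would record the assumption for the next reader. The same concern applies to the two js/tbl_structure.js hunks below. The enclosing $(document).ready handler starts and ends outside the hunk.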
@@ -2287,3 +2287,14 @@ $(document).ready(function() {
}) // end of $(document).ready()
+/**
+ * HTML escaping
+ */
+function escapeHtml(unsafe) {
+ return unsafe
+ .replace(/&/g, "&amp;")
+ .replace(/</g, "&lt;")
+ .replace(/>/g, "&gt;")
+ .replace(/"/g, "&quot;")
+ .replace(/'/g, "&#039;");
+}
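Review bot: escapeHtml calls `unsafe.replace` directly, so a null or undefined argument (e.g. `window.parent.db` in the hunk above when `db` is not set) throws a TypeError instead of yielding a safe string; guard it with `if (unsafe == null) { return ''; }` and operate on `String(unsafe)` so non-string values are handled as well. The header comment should also state the contract, e.g. `@param string unsafe raw text` and `@return string text with &, <, >, " and ' replaced by HTML entities`. The replacement order is correct — `&` is handled first so the entities produced by the later replacements are not double-escaped — and that is worth a one-line why-comment, since reordering these calls would silently break the escaping.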
diff --git a/js/tbl_structure.js b/js/tbl_structure.js
index 352848cb65..493f0eb4e8 100644
--- a/js/tbl_structure.js
+++ b/js/tbl_structure.js
@@ -44,7 +44,7 @@ $(document).ready(function() {
/**
* @var question String containing the question to be asked for confirmation
*/
- var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + curr_table_name + '` DROP `' + curr_column_name + '`';
+ var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + escapeHtml(curr_table_name) + '` DROP `' + escapeHtml(curr_column_name) + '`';
$(this).PMA_confirm(question, $(this).attr('href'), function(url) {
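Review bot: `escapeHtml` is a global function introduced in js/functions.js by this same commit, so js/tbl_structure.js now depends on functions.js being loaded before it; nothing in this file records that, and a page that includes tbl_structure.js without functions.js would only fail with a ReferenceError when the drop link is clicked, not at load time. A header comment such as `// Requires escapeHtml() from js/functions.js, which must be loaded before this file` would make the dependency visible. The same applies to the hunk at `@@ -83,7 +83,7` below. The enclosing click handler starts and ends outside the hunk.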
@@ -83,7 +83,7 @@ $(document).ready(function() {
/**
* @var question String containing the question to be asked for confirmation
*/
- var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + curr_table_name + '` ADD PRIMARY KEY(`' + curr_column_name + '`)';
+ var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + escapeHtml(curr_table_name) + '` ADD PRIMARY KEY(`' + escapeHtml(curr_column_name) + '`)';
$(this).PMA_confirm(question, $(this).attr('href'), function(url) {