
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMadhura Jayaratne <madhura.cj@gmail.com>2014-10-21 07:15:09 +0400
committerMadhura Jayaratne <madhura.cj@gmail.com>2014-10-21 07:15:09 +0400
commit7b8962dede7631298c81e2c1cd267b81f1e08a8c (patch)
treeab574cf00df015d4e620097375d49cd21b99a266 /js/server_status_monitor.js
parentbd68c54d1beeef79d237e8bfda44690834012a76 (diff)
bug #4563 [security] XSS in monitor query analyzer
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
Diffstat (limited to 'js/server_status_monitor.js')
-rw-r--r--js/server_status_monitor.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/js/server_status_monitor.js b/js/server_status_monitor.js
index 4432cafdc6..97684d8ced 100644
--- a/js/server_status_monitor.js
+++ b/js/server_status_monitor.js
@@ -1855,7 +1855,7 @@ AJAX.registerOnload('server_status_monitor.js', function () {
if (name == 'user_host') {
return value.replace(/(\[.*?\])+/g, '');
}
- return value;
+ return escapeHtml(value);
};
for (var i = 0, l = rows.length; i < l; i++) {
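Review bot: The `user_host` branch directly above the changed line still returns `value.replace(/(\[.*?\])+/g, '')` without escaping, so that column takes the early return and never reaches the new `escapeHtml` call. If the formatted value is written into the log table as markup, as the XSS fix implies, the user and host text from the log rows should be treated as untrusted like every other column. Escaping after the bracket stripping would close the gap: `return escapeHtml(value.replace(/(\[.*?\])+/g, ''));`. The enclosing formatter function starts outside this hunk, so any earlier branches should be checked for the same early-return pattern.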
@@ -2011,7 +2011,7 @@ AJAX.registerOnload('server_status_monitor.js', function () {
for (i = 0, l = data.explain.length; i < l; i++) {
explain += '<div class="explain-' + i + '"' + (i > 0 ? 'style="display:none;"' : '') + '>';
$.each(data.explain[i], function (key, value) {
- value = (value === null) ? 'null' : value;
+ value = (value === null) ? 'null' : escapeHtml(value);
if (key == 'type' && value.toLowerCase() == 'all') {
value = '<span class="attention">' + value + '</span>';