github.com/phpmyadmin/phpmyadmin.git
author Isaac Bennetch <bennetch@gmail.com> 2020-03-20 05:38:27 +0300
committer GitHub <noreply@github.com> 2020-03-20 05:38:27 +0300
commit 9ce61ea0e59a98147c156dd170cc0f8b95a7daaa
tree 2df2b3a9e6fafd6469314c00e8db786ee4096adc /libraries
parent 51d54d62bb0ed61bdf3bce52e06a9968701b067e
parent 2489837213b90664aceebe4c9ac641bf167b8a97
Merge pull request #306 from phpmyadmin/security/295
Fix SQL Injection and Data Extraction with XS-Search
Diffstat (limited to 'libraries')
-rw-r--r-- libraries/classes/Display/Results.php 2
1 files changed, 2 insertions, 0 deletions
diff --git a/libraries/classes/Display/Results.php b/libraries/classes/Display/Results.php
index 84de469c86..80120f20c8 100644
--- a/libraries/classes/Display/Results.php
+++ b/libraries/classes/Display/Results.php
@@ -5163,6 +5163,8 @@ class Results
if (count($url_params) > 0
&& (!empty($tmpdb) && !empty($meta->orgtable))
) {
+ $url_params['where_clause_sign'] = Core::signSqlQuery($url_params['where_clause']);
+
$result = '<a href="tbl_get_field.php'
. Url::getCommon($url_params)
. '" class="disableAjax">'
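Review bot: the added line reads `$url_params['where_clause']` unconditionally, while the enclosing condition only checks `count($url_params) > 0`, `$tmpdb` and `$meta->orgtable`. If this branch is ever reached without a `where_clause` key, PHP raises an undefined-index notice and the link carries a signature computed over a missing value. Guard it with `isset($url_params['where_clause'])`, or add a comment stating that the key is always present here. The signature only helps if the receiver checks it: this diffstat is limited to 'libraries', so confirm that `tbl_get_field.php` rejects a request whose `where_clause_sign` does not match its `where_clause` before the clause reaches a query. A one-line comment above the new assignment saying why the clause is signed would also help later readers.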