author | Isaac Bennetch <bennetch@gmail.com> | 2020-03-20 05:38:27 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-20 05:38:27 +0300 |
commit | 9ce61ea0e59a98147c156dd170cc0f8b95a7daaa (patch) | |
tree | 2df2b3a9e6fafd6469314c00e8db786ee4096adc /libraries | |
parent | 51d54d62bb0ed61bdf3bce52e06a9968701b067e (diff) | |
parent | 2489837213b90664aceebe4c9ac641bf167b8a97 (diff) |
Merge pull request #306 from phpmyadmin/security/295
Fix SQL Injection and Data Extraction with XS-Search
Diffstat (limited to 'libraries')
-rw-r--r-- | libraries/classes/Display/Results.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libraries/classes/Display/Results.php b/libraries/classes/Display/Results.php
index 84de469c86..80120f20c8 100644
--- a/libraries/classes/Display/Results.php
+++ b/libraries/classes/Display/Results.php
@@ -5163,6 +5163,8 @@ class Results
 if (count($url_params) > 0
 && (!empty($tmpdb) && !empty($meta->orgtable))
 ) {
+ $url_params['where_clause_sign'] = Core::signSqlQuery($url_params['where_clause']);
+
 $result = '<a href="tbl_get_field.php'
 . Url::getCommon($url_params)
 . '" class="disableAjax">' |
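Review bot: The added line reads `$url_params['where_clause']` without checking that the key is present; the enclosing condition only tests `count($url_params) > 0`, so a caller that passes other parameters without a where clause would, as far as this hunk shows, produce a link signed over a missing value. Consider guarding it with `if (isset($url_params['where_clause'])) { $url_params['where_clause_sign'] = Core::signSqlQuery($url_params['where_clause']); }` and adding a short comment such as `// where_clause travels in the URL; sign it so the receiving script can reject a modified clause`. The signature only protects anything if `tbl_get_field.php` refuses requests whose `where_clause_sign` is absent or does not match, and that check is not visible here because the diffstat is limited to `libraries`, so it is worth confirming on that side. The enclosing method starts and ends outside the hunk.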