-rw-r--r--ChangeLog3
-rw-r--r--js/tbl_gis_visualization.js2
-rw-r--r--libraries/rte/rte_triggers.lib.php12
3 files changed, 13 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index cc42ef3a02..7858655aaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -61,6 +61,9 @@ VerboseMultiSubmit, ReplaceHelpImg
- bug #3540922 [edit] Error searching table with many fields
- bug #3555104 [edit] Cannot copy a DB with table & views
+3.5.2.2 (2012-08-12)
+- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
+
3.5.2.1 (2012-08-03)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-3
diff --git a/js/tbl_gis_visualization.js b/js/tbl_gis_visualization.js
index 6ddc14d5ee..6fae5aa148 100644
--- a/js/tbl_gis_visualization.js
+++ b/js/tbl_gis_visualization.js
@@ -298,7 +298,7 @@ $(function() {
*/
$('.polygon, .multipolygon, .point, .multipoint, .linestring, .multilinestring, '
+ '.geometrycollection').live('mousemove', function(event) {
- contents = $.trim($(this).attr('name'));
+ contents = $.trim(escapeHtml($(this).attr('name')));
$("#tooltip").remove();
if (contents != '') {
$('<div id="tooltip">' + contents + '</div>').css({
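Review bot: The changed line still assigns `contents` without `var`, so the escaped tooltip text leaks into an implicit global that every handler on the page shares; `var contents = $.trim(escapeHtml($(this).attr('name')));` keeps it local. The escaping itself is the right fix for the string-built `<div id="tooltip">` on the last line, but building the element with `$('<div id="tooltip">').text(...)` would let the DOM do the encoding and not depend on a hand-rolled `escapeHtml` being correct and loaded; that helper is not defined in this diff, so presumably it lives elsewhere in the js/ tree and should be confirmed present wherever this script is included. The mousemove handler continues past the end of the hunk.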
diff --git a/libraries/rte/rte_triggers.lib.php b/libraries/rte/rte_triggers.lib.php
index c47554a673..29290a67f8 100644
--- a/libraries/rte/rte_triggers.lib.php
+++ b/libraries/rte/rte_triggers.lib.php
@@ -100,8 +100,12 @@ function PMA_TRI_handleEditor()
// 'Add a new item' mode
$result = PMA_DBI_try_query($item_query);
if (! $result) {
- $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br /><br />'
- . __('MySQL said: ') . PMA_DBI_getError(null);
+ $errors[] = sprintf(
+ __('The following query has failed: "%s"'),
+ htmlspecialchars($item_query)
+ )
+ . '<br /><br />'
+ . __('MySQL said: ') . PMA_DBI_getError(null);
} else {
$message = PMA_Message::success(__('Trigger %1$s has been created.'));
$message->addParam(PMA_CommonFunctions::getInstance()->backquote($_REQUEST['item_name']));
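Review bot: The new sprintf() escapes `$item_query`, but the same HTML string still appends `PMA_DBI_getError(null)` unescaped on the last added line, and a server-side syntax error message normally quotes a fragment of the failed query, so the user-controlled text can re-enter the error markup through that path. Whether PMA_DBI_getError() already applies htmlspecialchars() is not visible from this hunk; if it returns the raw server message, the line should read `. __('MySQL said: ') . htmlspecialchars(PMA_DBI_getError(null));`. The surrounding `$errors[]` entries in PMA_TRI_handleEditor (the function continues outside the hunk) presumably follow the same pattern and would want the same treatment.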
@@ -325,7 +329,9 @@ function PMA_TRI_getEditorForm($mode, $item)
} else if ($mode == 'edit' && $value == $item['item_table']) {
$selected = " selected='selected'";
}
- $retval .= " <option$selected>$value</option>\n";
+ $retval .= "<option$selected>";
+ $retval .= htmlspecialchars($value);
+ $retval .= "</option>\n";
}
$retval .= " </select>\n";
$retval .= " </td>\n";
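Review bot: The rebuilt `<option>` on the first added line carries no `value` attribute, so the submitted table name is whatever the browser makes of the escaped text node; `$retval .= "<option value='" . htmlspecialchars($value) . "'$selected>";` makes the round trip explicit and keeps the attribute escaped independently of the display text. The preselection test on the context line above compares `$value == $item['item_table']` loosely, and PHP compares two numeric-looking strings numerically, so a table named like `1e3` would match `1000`; `===` on both halves of that condition is the safer check. The three concatenations could also collapse into a single sprintf() for readability. PMA_TRI_getEditorForm continues on both sides of the hunk.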