Fix XSS (thanks to Jigal van Hemert)
This commit is contained in:
parent
71efbc545a
commit
037c547365
|
@ -38,7 +38,7 @@ var areYouSure = '<?php echo lang('Resend POST data?'); ?>';
|
|||
<?php } ?>
|
||||
<?php } ?>
|
||||
|
||||
<body class="<?php echo lang('ltr'); ?> nojs"<?php echo ($_POST ? "" : " onclick=\"return bodyClick(event, '" . js_escape(DB) . "', '" . js_escape($_GET["ns"]) . "');\""); // avoid re-post confirmation after refreshing the next page in Google Chrome ?> onkeydown="bodyKeydown(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
|
||||
<body class="<?php echo lang('ltr'); ?> nojs"<?php echo ($_POST ? "" : " onclick=\"return bodyClick(event, '" . h(js_escape(DB) . "', '" . js_escape($_GET["ns"])) . "');\""); // avoid re-post confirmation after refreshing the next page in Google Chrome ?> onkeydown="bodyKeydown(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
|
||||
<script type="text/javascript">
|
||||
document.body.className = document.body.className.replace(/(^|\s)nojs(\s|$)/, '$1js$2');
|
||||
</script>
|
||||
|
|
|
@ -130,7 +130,7 @@ function optionlist($options, $selected = null, $use_keys = false) {
|
|||
*/
|
||||
function html_select($name, $options, $value = "", $onchange = true) {
|
||||
if ($onchange) {
|
||||
return "<select name='" . h($name) . "'" . (is_string($onchange) ? " onchange=\"$onchange\"" : "") . ">" . optionlist($options, $value) . "</select>";
|
||||
return "<select name='" . h($name) . "'" . (is_string($onchange) ? ' onchange="' . h($onchange) . '"' : "") . ">" . optionlist($options, $value) . "</select>";
|
||||
}
|
||||
$return = "";
|
||||
foreach ($options as $key => $val) {
|
||||
|
@ -676,7 +676,7 @@ function input($field, $value, $function) {
|
|||
}
|
||||
$first++;
|
||||
}
|
||||
$onchange = ($first ? " onchange=\"var f = this.form['function[" . js_escape($name) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
|
||||
$onchange = ($first ? " onchange=\"var f = this.form['function[" . h(js_escape($name)) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
|
||||
$attrs .= $onchange;
|
||||
echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "", "functionChange(this);") : nbsp(reset($functions))) . '<td>';
|
||||
$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
|
||||
|
|
|
@ -30,7 +30,7 @@ if ($_POST) {
|
|||
|
||||
<form action="" method="post" id="form">
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . h(preg_quote($TABLE, "/")) . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . h(js_escape($TABLE)) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
|
||||
<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . preg_quote($TABLE, "/") . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . js_escape($TABLE) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
|
||||
<tr><th><?php echo lang('Event'); ?><td><?php echo html_select("Event", $trigger_event, $row["Event"], "this.form['Timing'].onchange();"); ?>
|
||||
<tr><th><?php echo lang('Type'); ?><td><?php echo html_select("Type", $trigger_options["Type"], $row["Type"]); ?>
|
||||
</table>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 3.3.1-dev:
|
||||
Fix XSS introduced in Adminer 3.2.0
|
||||
Fix altering default values (PostgreSQL)
|
||||
Process list (PostgreSQL)
|
||||
|
||||
|
|
Loading…
Reference in a new issue