@@ -5,7 +5,7 @@ phpMyAdmin - ChangeLog
55- issue #17842 Change js.cookie.js to js.cookie.min.js
66- issue #17632 Improve tab keypress to text fields on the login form
77
8- 5.2.1 (not yet released )
8+ 5.2.1 (2023-02-07 )
99- issue #17522 Fix case where the routes cache file is invalid
1010- issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
1111- issue Fix blank page when some error occurs
@@ -88,6 +88,7 @@ phpMyAdmin - ChangeLog
8888- issue Fix silent JSON parse error on upload progress
8989- issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
9090- issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
91+ - issue [security] Fix an XSS attack through the drag-and-drop upload feature (PMASA-2023-01)
9192
92935.2.0 (2022-05-10)
9394- issue #16521 Upgrade Bootstrap to version 5
@@ -134,7 +134,7 @@ var DragDropImport = {
134134 var filename = $this . parent ( 'span' ) . attr ( 'data-filename' ) ;
135135 $ ( 'body' ) . append ( '<div class="pma_drop_result"><h2>' +
136136 window . Messages . dropImportImportResultHeader + ' - ' +
137- filename + '<span class="close">x</span></h2>' + value . message + '</div>' ) ;
137+ Functions . escapeHtml ( filename ) + '<span class="close">x</span></h2>' + value . message + '</div>' ) ;
138138 $ ( '.pma_drop_result' ) . draggable ( ) ; // to make this dialog draggable
139139 }
140140 } ) ;
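Review bot: `value.message` is still concatenated unescaped into the same HTML string as the newly escaped `filename` on new line 137, so the result dialog is only as safe as whatever the import response puts in that field. If the message is meant to be server-rendered HTML, say so next to the sink, e.g. `// value.message is HTML produced by the server; it must already be escaped there`; if it is plain text, pass it through `Functions.escapeHtml()` as well. `filename` is read back with `.attr('data-filename')`, which returns the decoded attribute value, so escaping at the point of output as done here is the right place; building the heading with `$('<h2>').text(...)` instead of string concatenation would make that hard to regress. The enclosing callback starts and ends outside the hunk, so where `value` originates is not visible here.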