This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/libraries/classes/ThemeGenerator.php b/libraries/classes/ThemeGenerator.php | |
index 33c3d6d52b..15f219d9e1 100644 | |
--- a/libraries/classes/ThemeGenerator.php | |
+++ b/libraries/classes/ThemeGenerator.php | |
@@ -98,12 +98,19 @@ class ThemeGenerator | |
$common->createCommonFile($name); | |
$out['layout'] = $layout->createLayoutFile($post); | |
$nav->createNavigationFile($name); | |
- } else { | |
- trigger_error("The 'themes' directory is not writable by the webserver process. You must change permissions for the theme generator to be able to write the generated theme.", E_USER_ERROR); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From 98545d3e2ae3860e2010ff995c018ee6956d6c5d Mon Sep 17 00:00:00 2001 | |
From: William Desportes <williamdes@wdes.fr> | |
Date: Mon, 28 Oct 2019 22:09:44 +0100 | |
Subject: [PATCH] Security patch for Designer and Designer visual mode | |
Closes: https://github.com/phpmyadmin/phpmyadmin-security/issues/286 | |
--- | |
js/designer/move.js | 4 ++-- | |
templates/database/designer/database_tables.twig | 2 +- | |
2 files changed, 3 insertions(+), 3 deletions(-) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php | |
index 86c46ef6f7..1bf7b6e07b 100644 | |
--- a/libraries/server_privileges.lib.php | |
+++ b/libraries/server_privileges.lib.php | |
@@ -2448,7 +2448,7 @@ function PMA_getExtraDataForAjaxBehavior( | |
if (isset($_REQUEST['validate_username'])) { | |
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '" | |
- . $_REQUEST['username'] . "';"; | |
+ . PMA_Util::sqlAddSlashes($_REQUEST['username']) . "';"; |