From 053d90b6019959c3a503d6b12b9cd23dc31df2be Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Thu, 4 Aug 2005 19:25:14 +0000
Subject: [PATCH] bug #1252124, XSS on table creation page
---
 ChangeLog | 1 +
 tbl_create.php | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8109bbc96..a669cd453 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@ $Source$
 thanks to Edward Rudd - urkle
 * db_details.php, tbl_query_box.php: patch #1250935, interface improvements,
 thanks to Sebastian Mendel
+ * tbl_create.php: bug #1252124, XSS on table creation page
 2005-08-02 Marc Delisle
 * server_privileges.php: patch #1249363, remove unneeded wordwrap(),
diff --git a/tbl_create.php b/tbl_create.php
index 9e30260a3..ad0c1258a 100644
--- a/tbl_create.php
+++ b/tbl_create.php
@@ -7,12 +7,16 @@
 */
 require_once('./libraries/grab_globals.lib.php');
 $js_to_run = 'functions.js';
-require_once('./header.inc.php');
-
-// Check parameters
 require_once('./libraries/common.lib.php');
+if (isset($table)) {
+ $table = PMA_sanitize($table);
+}
+
+require_once('./header.inc.php');
+
+// Check parameters
 PMA_checkParameters(array('db', 'table'));
 /**
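Review bot: The added `$table = PMA_sanitize($table);` in tbl_create.php rewrites the request value in place, so everything after it, including `PMA_checkParameters(array('db', 'table'))` and whatever the rest of the script (outside this hunk) does with the name, works on the sanitized string rather than the name that was submitted. Escaping the value where it is written into the page (presumably header.inc.php, given the reordering), or sanitizing a copy used only for display, would close the XSS without changing the identifier the script goes on to use. `$db` passes through the same parameter check but is not sanitized here; whether header.inc.php prints it is not visible in this diff and is worth confirming. If the ordering stays, a comment such as `// sanitize $table before header.inc.php prints it (bug #1252124)` would keep a later cleanup from moving the include back above the sanitizing block.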