bug #1252124, XSS on table creation page

2005-08-04 19:25:14 +00:00
parent 6744dfb276
commit 053d90b601
2 changed files with 8 additions and 3 deletions
--- a/1
+++ b/1
@@ -25,6 +25,7 @@ $Source$
      thanks to Edward Rudd - urkle
    * db_details.php, tbl_query_box.php: patch #1250935, interface
      improvements, thanks to Sebastian Mendel
+    * tbl_create.php: bug #1252124, XSS on table creation page

 2005-08-02 Marc Delisle  <lem9@users.sourceforge.net>
    * server_privileges.php: patch #1249363, remove unneeded wordwrap(),
--- a/tbl_create.php
+++ b/tbl_create.php
@@ -7,12 +7,16 @@
 */
 require_once('./libraries/grab_globals.lib.php');
 $js_to_run = 'functions.js';
-require_once('./header.inc.php');
-
-// Check parameters

 require_once('./libraries/common.lib.php');

+if (isset($table)) {
+    $table = PMA_sanitize($table);
+}
+
+require_once('./header.inc.php');
+
+// Check parameters
 PMA_checkParameters(array('db', 'table'));

 /**