nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] possible XSRF on several pages

Browse Source
This commit is contained in:
Michal Čihař
2008-12-09 13:45:32 +00:00
parent 1639051ec7
commit 0d4adbfc19
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -11,6 +11,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- [core] do not automatically set and create TempDir, it might lead to security - [core] do not automatically set and create TempDir, it might lead to security
issue (thanks to Thijs Kinkhorst) issue (thanks to Thijs Kinkhorst)
2.11.9.4 (2008-12-09)
- [security] possible XSRF on several pages
2.11.9.3 (2008-10-30) 2.11.9.3 (2008-10-30)
- [security] XSS in a Designer component - [security] XSS in a Designer component

2
libraries/db_table_exists.lib.php
View File

@@ -64,7 +64,7 @@ if (empty($is_table) && !defined('PMA_SUBMIT_MULT')) {
* @todo should this check really only happen if IS_TRANSFORMATION_WRAPPER? * @todo should this check really only happen if IS_TRANSFORMATION_WRAPPER?
*/ */
$_result = PMA_DBI_try_query( $_result = PMA_DBI_try_query(
'SELECT COUNT(*) FROM `' . PMA_sqlAddslashes($table, true) . '`;', 'SELECT COUNT(*) FROM ' . PMA_backquote($table) . ';',
null, PMA_DBI_QUERY_STORE); null, PMA_DBI_QUERY_STORE);
$is_table = ($_result && @PMA_DBI_num_rows($_result)); $is_table = ($_result && @PMA_DBI_num_rows($_result));
PMA_DBI_free_result($_result); PMA_DBI_free_result($_result);