Fix XSS on table comment.

Michal Čihař
2006-11-17 08:59:42 +00:00
parent 3ce5fa581f
commit 13ad3c2e14
2 changed files with 3 additions and 2 deletions


@@ -8,6 +8,7 @@ $Source$
2006-11-17 Michal Čihař <michal@cihar.com>
* sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid
XSS.
* left.php: Fix XSS on table comment.
2006-11-09 Marc Delisle <lem9@users.sourceforge.net>
### 2.9.1 released from MAINT_2_9_1


@@ -533,8 +533,8 @@ function PMA_displayTableList($tables, $visible = false,
}
echo ' id="icon_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"'
.' width="10" height="10" alt="' . $GLOBALS['strBrowse'] . '" /></a>' . "\n"
.'<a href="' . $href . '" title="' . $table['Comment']
.' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')"'
.'<a href="' . $href . '" title="' . htmlspecialchars($table['Comment']
.' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows']) . ')"'
.' id="' . htmlspecialchars($table_db . '.' . $table['Name']) . '">'
. htmlspecialchars($table['disp_name']) . '</a>';
echo '</li>' . "\n";
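Review bot: On the line that now escapes the `title` attribute, `$href` is still concatenated unescaped into `href="..."`. It is built outside this hunk, so it is worth confirming that it is already URL-encoded and HTML-escaped at construction; if it is not, the line should read `.'<a href="' . htmlspecialchars($href) . '" title="' . htmlspecialchars($table['Comment']`. The same check applies to `$GLOBALS['strBrowse']` in the `alt` attribute two lines above, which is presumably a trusted translation string. A short comment above the link would help, such as `// Table comments are user-controlled: escape before placing in an attribute`, so the call is not dropped in a later refactor. PMA_displayTableList() starts and ends outside the hunk, so other places that print `$table['Comment']` are not visible here and should be checked as well.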