[security] possible XSRF on several pages

2008-12-09 13:45:32 +00:00
parent bc1c9a8267
commit 1511e8cf72
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@@ -26,6 +26,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 + [lang] Catalan update, thanks to Xavier Navarro
 + [lang] Finnish update, thanks to Jouni Kahkonen
 - [core] Avoid error with BLOBstreaming support requiring SUPER privilege 
+- [security] possible XSRF on several pages

 3.1.0.0 (2008-11-28)
 + [auth] Support for Swekey hardware authentication,
--- a/libraries/db_table_exists.lib.php
+++ b/libraries/db_table_exists.lib.php
@@ -71,7 +71,7 @@ if (empty($is_table) && !defined('PMA_SUBMIT_MULT')) {
                 * @todo should this check really only happen if IS_TRANSFORMATION_WRAPPER?
                 */
                $_result = PMA_DBI_try_query(
-                    'SELECT COUNT(*) FROM `' . PMA_sqlAddslashes($table, true) . '`;',
+                    'SELECT COUNT(*) FROM ' . PMA_backquote($table) . ';',
                    null, PMA_DBI_QUERY_STORE);
                $is_table = ($_result && @PMA_DBI_num_rows($_result));
                PMA_DBI_free_result($_result);