[security] XSS and SQL injection

Marc Delisle
2009-10-12 21:47:40 +00:00
parent 7c4dfc3ed7
commit 18fd6b9049
5 changed files with 24 additions and 16 deletions


@@ -387,7 +387,7 @@ foreach ($tables as $keyname => $each_table) {
$row_count++;
if ($table_is_view) {
$hidden_fields[] = '<input type="hidden" name="views[]" value="' . $each_table['TABLE_NAME'] . '" />';
$hidden_fields[] = '<input type="hidden" name="views[]" value="' . htmlspecialchars($each_table['TABLE_NAME']) . '" />';
}
if ($each_table['TABLE_ROWS'] > 0) {
@@ -433,7 +433,7 @@ foreach ($tables as $keyname => $each_table) {
<tr class="<?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
<td align="center">
<input type="checkbox" name="selected_tbl[]"
value="<?php echo $each_table['TABLE_NAME']; ?>"
value="<?php echo htmlspecialchars($each_table['TABLE_NAME']); ?>"
id="checkbox_tbl_<?php echo $i; ?>"<?php echo $checked; ?> /></td>
<th><label for="checkbox_tbl_<?php echo $i; ?>"
title="<?php echo $alias; ?>"><?php echo $truename; ?></label>
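Review bot: `$alias` and `$truename` on the last two lines of the second hunk are still echoed into the `title` attribute and the label text with no escaping visible here, while the same row's `TABLE_NAME` now goes through `htmlspecialchars()`. Both are assigned outside the hunk, so this may already be handled; if they are derived from the table name and not escaped at assignment, the row is still open to markup injection and should use `title="<?php echo htmlspecialchars($alias); ?>"` (and likewise for `$truename`). If they are already escaped upstream, a short comment at the echo saying so would keep a later editor from double-encoding or removing it. The `views[]` and `selected_tbl[]` values are now escaped for HTML output only, so the code that receives them back on submit still has to treat them as untrusted before they reach a query. The enclosing `foreach` starts and ends outside both hunks.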