fix for fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group

sorry ... I should have tested more ... ;-)
Sebastian Mendel
2007-11-09 21:24:40 +00:00
parent 0aa505cff7
commit 1f4db0aff0


@@ -383,10 +383,10 @@ require_once './libraries/List.class.php';
if (count($dbs) > 1) {
$return .= '<li>' . htmlspecialchars($group) . '<ul>' . "\n";
// wether display db_name cuted by the group part
$cut = htmlspecialchars($db['disp_name_cut']);
$cut = true;
} else {
// .. or full
$cut = htmlspecialchars($db['disp_name']);
$cut = false;
}
foreach ($dbs as $db) {
$return .= '<li';
@@ -399,7 +399,12 @@ require_once './libraries/List.class.php';
}
$return .= ' href="index.php?' . PMA_generate_common_url($db['name'])
. '" target="_parent">';
$return .= $cut .' (' . $db['num_tables'] . ')';
if ($cut) {
$return .= htmlspecialchars($db['disp_name_cut']);
} else {
$return .= htmlspecialchars($db['disp_name']);
}
$return .= ' (' . $db['num_tables'] . ')';
$return .= '</a></li>' . "\n";
}
if (count($dbs) > 1) {
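Review bot: `$db['num_tables']` is still concatenated into the markup unescaped at `$return .= ' (' . $db['num_tables'] . ')';`, directly after the display name that is now escaped per item inside the loop. It is presumably an integer count, but nothing in the visible lines establishes that; `$return .= ' (' . (int) $db['num_tables'] . ')';` would keep the line safe whatever the value's origin. The new if/else could also be collapsed to `$return .= htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name']);` so the escaping call appears in one place. The enclosing function starts and ends outside the hunks shown, so other places where the database name may be emitted (such as the `<li` attributes built between the two hunks) cannot be checked from here; a regression test that renders a database name containing `<`, `"` and `&` would cover them.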