From 25468cde6873a98d3b4e1f311a8f6b85b8cfcf7b Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Tue, 29 Mar 2005 21:11:31 +0000
Subject: [PATCH] XSS vuln on convcharset
---
ChangeLog | 3 +++
libraries/common.lib.php | 54 ++++++++++++++++++++++------------------
2 files changed, 33 insertions(+), 24 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index faad4953a..71f6c5ba2 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
$Id$
$Source$
+2005-03-29 Marc Delisle
+ * libraries/common.lib.php: XSS vulnerability on convcharset
+
2005-03-29 Alexander M. Turek
* server_collations.php, libraries/mysql_charsets.lib.php: Don't offer unavailable collations (bug #1172517).
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 9c2691135..4c5dab42c 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -157,6 +157,36 @@ require_once('./libraries/select_lang.lib.php');
*/
require_once('./libraries/defines.lib.php');
+
+/**
+ * Sanitizes $message, taking into account our special codes
+ * for formatting
+ *
+ * @param string the message
+ *
+ * @return string the sanitized message
+ *
+ * @access public
+ */
+function PMA_sanitize($message)
+{
+ $replace_pairs = array(
+ '<' => '<',
+ '>' => '>',
+ '[i]' => '',
+ '[/i]' => '',
+ '[b]' => '',
+ '[br]' => '
',
+ '[/b]' => '
',
+ );
+ return strtr($message, $replace_pairs);
+}
+
+// XSS
+if (isset($convcharset)) {
+ $convcharset = PMA_sanitize($convcharset);
+}
+
if ($is_minimum_common == FALSE) {
/**
* Define $is_upload
@@ -1600,30 +1630,6 @@ if (typeof(window.parent) != 'undefined'
}
}
- /**
- * Sanitizes $message, taking into account our special codes
- * for formatting
- *
- * @param string the message
- *
- * @return string the sanitized message
- *
- * @access public
- */
- function PMA_sanitize($message)
- {
- $replace_pairs = array(
- '<' => '<',
- '>' => '>',
- '[i]' => '',
- '[/i]' => '',
- '[b]' => '',
- '[br]' => '
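Review bot: Escaping is the weaker fix for `$convcharset` in the `// XSS` block: a charset name comes from a small fixed set, so a syntactic allow-list such as `if (isset($convcharset) && !preg_match('/^[A-Za-z0-9_-]+$/', $convcharset)) { unset($convcharset); }` (or a lookup in whatever charset list the configuration already holds) would reject hostile input outright instead of carrying an encoded copy forward. As written, PMA_sanitize only rewrites `<` and `>` (on this page the replacement values look identical to the keys, presumably an extraction artifact of the `&lt;`/`&gt;` entities), so `"` and `'` pass through and the value remains injectable if it is ever echoed inside a quoted attribute such as a hidden form field, which I cannot confirm from this hunk. The guard also only covers the already-registered global: any later code that re-reads the charset from `$_GET`/`$_POST`/`$_COOKIE` bypasses it, which deserves a comment like `// NOTE: only covers the register_globals copy; re-sanitize if re-read from the request`. PMA_sanitize additionally rewrites its `[b]`/`[i]`/`[br]` markup codes, so it is a message formatter rather than a general-purpose input filter and should not be reached for as one elsewhere.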
',
- '[/b]' => '
',
- );
- return strtr($message, $replace_pairs);
- }
-
/**
* Displays a message at the top of the "main" (right) frame
*