From 2a1233b69ccc6c64819c2840ca5277c2dde0b9e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Wed, 18 Aug 2010 12:05:32 +0200
Subject: [PATCH] Fix XSS on checkprivs.

---
 server_privileges.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server_privileges.php b/server_privileges.php
index fd2796f2d..93cab9544 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -2150,7 +2150,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
 
     // Offer to create a new user for the current database
     echo '<fieldset id="fieldset_add_user">' . "\n"
-       . '    <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;adduser=1&amp;dbname=' . $checkprivs .'">' . "\n"
+       . '    <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;adduser=1&amp;dbname=' . htmlspecialchars($checkprivs) .'">' . "\n"
        . PMA_getIcon('b_usradd.png')
        . '        ' . $GLOBALS['strAddUser'] . '</a>' . "\n"
        . '</fieldset>' . "\n";