diff --git a/ChangeLog b/ChangeLog
index 5d476c5ff..e639c955e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset legend
- bug #1764735 [core] Designer: PDF error when deleting a table
- bug #1764195 [views] DROP button does not work on defective views
+- bug #1805773 [relations] browse foreign values: return values not escaped,
+ thanks to Alex Rambau
2.11.1.0 (2007-09-20)
diff --git a/browse_foreigners.php b/browse_foreigners.php
index f0c024dc1..d3c5bb9ee 100644
--- a/browse_foreigners.php
+++ b/browse_foreigners.php
@@ -246,7 +246,7 @@ if (is_array($foreignData['disp_row'])) {
.''
+ . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
.htmlspecialchars($key_ordered_current_key) . '' . ($key_ordered_current_equals_data ? '' : '');
?>
|
@@ -254,7 +254,7 @@ if (is_array($foreignData['disp_row'])) {
echo ($key_ordered_current_equals_data ? '' : '')
. ''
+ . md5($field) . '\', \'' . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
. $key_ordered_current_val . '' . ($key_ordered_current_equals_data ? '' : '');
?> |
@@ -266,7 +266,7 @@ if (is_array($foreignData['disp_row'])) {
echo ($val_ordered_current_equals_data ? '' : '')
. ''
+ . '\', \'' . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">'
. $val_ordered_current_val . '' . ($val_ordered_current_equals_data ? '' : '');
?> |
@@ -274,7 +274,7 @@ if (is_array($foreignData['disp_row'])) {
echo ($val_ordered_current_equals_data ? '' : '') . '' . htmlspecialchars($val_ordered_current_key)
+ . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
. '' . ($val_ordered_current_equals_data ? '' : '');
?> |