bug #1805773 [relations] browse foreign values: return values not escaped
This commit is contained in:
@@ -16,6 +16,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
|||||||
- bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset legend
|
- bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset legend
|
||||||
- bug #1764735 [core] Designer: PDF error when deleting a table
|
- bug #1764735 [core] Designer: PDF error when deleting a table
|
||||||
- bug #1764195 [views] DROP button does not work on defective views
|
- bug #1764195 [views] DROP button does not work on defective views
|
||||||
|
- bug #1805773 [relations] browse foreign values: return values not escaped,
|
||||||
|
thanks to Alex Rambau
|
||||||
|
|
||||||
2.11.1.0 (2007-09-20)
|
2.11.1.0 (2007-09-20)
|
||||||
|
|
||||||
|
@@ -246,7 +246,7 @@ if (is_array($foreignData['disp_row'])) {
|
|||||||
.'<a href="#" title="' . $strUseThisValue
|
.'<a href="#" title="' . $strUseThisValue
|
||||||
. ($key_ordered_current_val_title != '' ? ': ' . $key_ordered_current_val_title : '') . '"'
|
. ($key_ordered_current_val_title != '' ? ': ' . $key_ordered_current_val_title : '') . '"'
|
||||||
.' onclick="formupdate(\'' . md5($field) . '\', \''
|
.' onclick="formupdate(\'' . md5($field) . '\', \''
|
||||||
. htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
|
. htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
|
||||||
.htmlspecialchars($key_ordered_current_key) . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
|
.htmlspecialchars($key_ordered_current_key) . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
|
||||||
?></td>
|
?></td>
|
||||||
<td>
|
<td>
|
||||||
@@ -254,7 +254,7 @@ if (is_array($foreignData['disp_row'])) {
|
|||||||
echo ($key_ordered_current_equals_data ? '<b>' : '')
|
echo ($key_ordered_current_equals_data ? '<b>' : '')
|
||||||
. '<a href="#" title="' . $strUseThisValue . ($key_ordered_current_val_title != '' ? ': '
|
. '<a href="#" title="' . $strUseThisValue . ($key_ordered_current_val_title != '' ? ': '
|
||||||
. $key_ordered_current_val_title : '') . '" onclick="formupdate(\''
|
. $key_ordered_current_val_title : '') . '" onclick="formupdate(\''
|
||||||
. md5($field) . '\', \'' . htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
|
. md5($field) . '\', \'' . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
|
||||||
. $key_ordered_current_val . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
|
. $key_ordered_current_val . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
|
||||||
?></td>
|
?></td>
|
||||||
<td width="20%">
|
<td width="20%">
|
||||||
@@ -266,7 +266,7 @@ if (is_array($foreignData['disp_row'])) {
|
|||||||
echo ($val_ordered_current_equals_data ? '<b>' : '')
|
echo ($val_ordered_current_equals_data ? '<b>' : '')
|
||||||
. '<a href="#" title="' . $strUseThisValue . ($val_ordered_current_val_title != '' ? ': '
|
. '<a href="#" title="' . $strUseThisValue . ($val_ordered_current_val_title != '' ? ': '
|
||||||
. $val_ordered_current_val_title : '') . '" onclick="formupdate(\'' . md5($field)
|
. $val_ordered_current_val_title : '') . '" onclick="formupdate(\'' . md5($field)
|
||||||
. '\', \'' . htmlspecialchars($val_ordered_current_key) . '\'); return false;">'
|
. '\', \'' . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">'
|
||||||
. $val_ordered_current_val . '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
|
. $val_ordered_current_val . '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
|
||||||
?></td>
|
?></td>
|
||||||
<td nowrap="nowrap">
|
<td nowrap="nowrap">
|
||||||
@@ -274,7 +274,7 @@ if (is_array($foreignData['disp_row'])) {
|
|||||||
echo ($val_ordered_current_equals_data ? '<b>' : '') . '<a href="#" title="'
|
echo ($val_ordered_current_equals_data ? '<b>' : '') . '<a href="#" title="'
|
||||||
. $strUseThisValue . ($val_ordered_current_val_title != '' ? ': ' . $val_ordered_current_val_title : '')
|
. $strUseThisValue . ($val_ordered_current_val_title != '' ? ': ' . $val_ordered_current_val_title : '')
|
||||||
. '" onclick="formupdate(\'' . md5($field) . '\', \''
|
. '" onclick="formupdate(\'' . md5($field) . '\', \''
|
||||||
. htmlspecialchars($val_ordered_current_key) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
|
. htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
|
||||||
. '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
|
. '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
|
||||||
?></td>
|
?></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
Reference in New Issue
Block a user