bug #1805773 [relations] browse foreign values: return values not escaped

Marc Delisle
2007-10-02 16:49:32 +00:00
parent 43bd2d44bd
commit 2c148cf3fa
2 changed files with 6 additions and 4 deletions


@@ -16,6 +16,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset legend
- bug #1764735 [core] Designer: PDF error when deleting a table
- bug #1764195 [views] DROP button does not work on defective views
- bug #1805773 [relations] browse foreign values: return values not escaped,
thanks to Alex Rambau
2.11.1.0 (2007-09-20)


@@ -246,7 +246,7 @@ if (is_array($foreignData['disp_row'])) {
.'<a href="#" title="' . $strUseThisValue
. ($key_ordered_current_val_title != '' ? ': ' . $key_ordered_current_val_title : '') . '"'
.' onclick="formupdate(\'' . md5($field) . '\', \''
. htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
. htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
.htmlspecialchars($key_ordered_current_key) . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
?></td>
<td>
@@ -254,7 +254,7 @@ if (is_array($foreignData['disp_row'])) {
echo ($key_ordered_current_equals_data ? '<b>' : '')
. '<a href="#" title="' . $strUseThisValue . ($key_ordered_current_val_title != '' ? ': '
. $key_ordered_current_val_title : '') . '" onclick="formupdate(\''
. md5($field) . '\', \'' . htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
. md5($field) . '\', \'' . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
. $key_ordered_current_val . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
?></td>
<td width="20%">
@@ -266,7 +266,7 @@ if (is_array($foreignData['disp_row'])) {
echo ($val_ordered_current_equals_data ? '<b>' : '')
. '<a href="#" title="' . $strUseThisValue . ($val_ordered_current_val_title != '' ? ': '
. $val_ordered_current_val_title : '') . '" onclick="formupdate(\'' . md5($field)
. '\', \'' . htmlspecialchars($val_ordered_current_key) . '\'); return false;">'
. '\', \'' . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">'
. $val_ordered_current_val . '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
?></td>
<td nowrap="nowrap">
@@ -274,7 +274,7 @@ if (is_array($foreignData['disp_row'])) {
echo ($val_ordered_current_equals_data ? '<b>' : '') . '<a href="#" title="'
. $strUseThisValue . ($val_ordered_current_val_title != '' ? ': ' . $val_ordered_current_val_title : '')
. '" onclick="formupdate(\'' . md5($field) . '\', \''
. htmlspecialchars($val_ordered_current_key) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
. htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
. '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
?></td>
</tr>
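Review bot: `addslashes()` is not a JavaScript string-literal escaper, so the second `formupdate()` argument at all four `onclick` sites in this file is only partly covered: quotes, backslash and NUL are handled, and wrapping the result in `htmlspecialchars()` is the right order for an attribute value. A carriage return or line feed in `$key_ordered_current_key` or `$val_ordered_current_key` still passes through unchanged, which ends the quoted literal early and leaves the handler with a syntax error. I would put the rule in one place and escape line breaks as well, for example `htmlspecialchars(str_replace(array("\r", "\n"), array('\r', '\n'), addslashes($key_ordered_current_key)))`, applied the same way to the `$val_ordered_current_key` calls. Separately, `$key_ordered_current_val`, `$val_ordered_current_val` and the `*_val_title` values are written into the link text and the `title` attribute with no escaping in the visible lines; if they are not already encoded earlier in the file they need `htmlspecialchars()` at the point of output. The enclosing `if (is_array($foreignData['disp_row']))` block starts and ends outside these hunks, so the earlier handling of those variables should be confirmed there.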