security fix
This commit is contained in:
Marc Delisle
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
|
|||||||
$Id$
|
$Id$
|
||||||
$Source$
|
$Source$
|
||||||
|
|
||||||
|
2005-10-20 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
|
* server_databases.php: security fix
|
||||||
|
|
||||||
2005-10-20 Alexander M. Turek <me@derrabus.de>
|
2005-10-20 Alexander M. Turek <me@derrabus.de>
|
||||||
* libraries/mysql_charsets.lib.php:
|
* libraries/mysql_charsets.lib.php:
|
||||||
- On MySQL 5.0.6, we don't have to parse SHOW CREATE DATABASE anymore,
|
- On MySQL 5.0.6, we don't have to parse SHOW CREATE DATABASE anymore,
|
||||||
|
|||||||
@@ -134,6 +134,8 @@ foreach ($dblist AS $current_db) {
|
|||||||
// avoids 'undefined index' errors
|
// avoids 'undefined index' errors
|
||||||
if (empty($sort_by)) {
|
if (empty($sort_by)) {
|
||||||
$sort_by = 'db_name';
|
$sort_by = 'db_name';
|
||||||
|
} else {
|
||||||
|
$sort_by = PMA_sanitize($sort_by);
|
||||||
}
|
}
|
||||||
if (empty($sort_order)) {
|
if (empty($sort_order)) {
|
||||||
if ($sort_by == 'db_name') {
|
if ($sort_by == 'db_name') {
|
||||||
@@ -141,6 +143,8 @@ if (empty($sort_order)) {
|
|||||||
} else {
|
} else {
|
||||||
$sort_order = 'desc';
|
$sort_order = 'desc';
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$sort_order = PMA_sanitize($sort_order);
|
||||||
}
|
}
|
||||||
|
|
||||||
// sorts the array
|
// sorts the array
|
||||||
|
|||||||
Reference in New Issue
Block a user