security fix
This commit is contained in:
Marc Delisle
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
|
||||
$Id$
|
||||
$Source$
|
||||
|
||||
2005-10-20 Marc Delisle <lem9@users.sourceforge.net>
|
||||
* server_databases.php: security fix
|
||||
|
||||
2005-10-20 Alexander M. Turek <me@derrabus.de>
|
||||
* libraries/mysql_charsets.lib.php:
|
||||
- On MySQL 5.0.6, we don't have to parse SHOW CREATE DATABASE anymore,
|
||||
|
||||
@@ -134,6 +134,8 @@ foreach ($dblist AS $current_db) {
|
||||
// avoids 'undefined index' errors
|
||||
if (empty($sort_by)) {
|
||||
$sort_by = 'db_name';
|
||||
} else {
|
||||
$sort_by = PMA_sanitize($sort_by);
|
||||
}
|
||||
if (empty($sort_order)) {
|
||||
if ($sort_by == 'db_name') {
|
||||
@@ -141,6 +143,8 @@ if (empty($sort_order)) {
|
||||
} else {
|
||||
$sort_order = 'desc';
|
||||
}
|
||||
} else {
|
||||
$sort_order = PMA_sanitize($sort_order);
|
||||
}
|
||||
|
||||
// sorts the array
|
||||
|
||||
Reference in New Issue
Block a user