From 4b313daa7a9c70c64a50a1786a5350876cb48c49 Mon Sep 17 00:00:00 2001
From: Daniel Knittl-Frank
Date: Mon, 20 Sep 2010 18:12:05 +0200
Subject: [PATCH] Fix persistent XSS in table browsing mode

$where_clause was used instead of escaped $where_clause_html. This would only come into play when a string field was contained in the index (and thus used in the where clause).

Signed-off-by: Daniel Knittl-Frank
---
 libraries/display_tbl.lib.php | 2 +-
 libraries/display_tbl_links.lib.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 55f6c4475..d5e234ab3 100755
--- libraries/display_tbl.lib.php
+++ libraries/display_tbl.lib.php
@@ -1488,7 +1488,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
 }
 if( !empty($where_clause) ) {
- $vertical_display['where_clause'][$row_no] = '';
+ $vertical_display['where_clause'][$row_no] = '';
 }
 else {
 unset($vertical_display['where_clause'][$row_no]);
diff --git a/libraries/display_tbl_links.lib.php b/libraries/display_tbl_links.lib.php
index adf38b3c6..c1e30c137 100755
--- libraries/display_tbl_links.lib.php
+++ libraries/display_tbl_links.lib.php
@@ -58,6 +58,6 @@ if ($doWriteModifyAt == 'left') {
 }
 }
 if( !empty($where_clause)) {
- echo '';
+ echo '';
 }
 ?>
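Review bot: The guard in both hunks still tests the raw `$where_clause` (`if( !empty($where_clause) )`), while per the commit message the emitted value is now `$where_clause_html`. That variable is assigned outside the hunks, so nothing visible here shows it is always set and escaped for the HTML context it is written into whenever the raw clause is non-empty. The string literals on the changed lines appear empty on this page (the markup was presumably lost in extraction), so the substitution itself cannot be checked from these lines. I would add a comment above the assignment in PMA_displayTableBody, `// emit only $where_clause_html (htmlspecialchars-escaped); the raw clause can carry row data from string index columns`, and the same above the `echo` in libraries/display_tbl_links.lib.php. Because the same markup is built in two files, a single helper that takes the raw clause and escapes it would keep the two sites from drifting apart again.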