Escape error message coming from MySQL to avoid XSS on bad parameters.

Michal Čihař
2010-08-20 11:35:42 +02:00
parent 782b8b46be
commit 59b3b4916b
2 changed files with 4 additions and 0 deletions


@@ -348,6 +348,8 @@ function PMA_DBI_getError($link = null)
$error_message = PMA_DBI_convert_message($error_message);
}
$error_message = htmlspecialchars($error_message);
// Some errors messages cannot be obtained by mysql_error()
if ($error_number == 2002) {
$error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
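Review bot: The added `htmlspecialchars($error_message)` call uses the default flags and charset, so single quotes are left unescaped and the encoding is not tied to whatever PMA_DBI_convert_message() produced just above it. Passing both explicitly would make the escaping hold in attribute contexts too, e.g. `$error_message = htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8');` if the page is served as UTF-8. Because the escaping now happens inside PMA_DBI_getError(), its return value is HTML rather than plain text, and callers that escape again or use it outside HTML would presumably show entity-encoded text. A comment such as `// NOTE: returned message is HTML-escaped; do not escape again` on the function would make that contract visible. The same applies to the identical line in the second file's hunk; the function body starts and ends outside both hunks.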


@@ -406,6 +406,8 @@ function PMA_DBI_getError($link = null)
$error_message = PMA_DBI_convert_message($error_message);
}
$error_message = htmlspecialchars($error_message);
if ($error_number == 2002) {
$error = '#' . ((string) $error_number) . ' - ' . $GLOBALS['strServerNotResponding'] . ' ' . $GLOBALS['strSocketProblem'];
} else {