nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix XSS on table comment.

Browse Source
This commit is contained in:
Michal Čihař
2006-11-17 08:59:43 +00:00
parent 894c436e82
commit 59d245f36a
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -8,6 +8,7 @@ $Source$
2006-11-17 Michal Čihař <michal@cihar.com> 2006-11-17 Michal Čihař <michal@cihar.com>
* sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid * sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid
XSS. XSS.
* left.php: Fix XSS on table comment.
2006-11-09 Marc Delisle <lem9@users.sourceforge.net> 2006-11-09 Marc Delisle <lem9@users.sourceforge.net>
### 2.9.1 released from MAINT_2_9_1 ### 2.9.1 released from MAINT_2_9_1

4
left.php
View File

@@ -533,8 +533,8 @@ function PMA_displayTableList($tables, $visible = false,
} }
echo ' id="icon_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"' echo ' id="icon_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"'
.' width="10" height="10" alt="' . $GLOBALS['strBrowse'] . '" /></a>' . "\n" .' width="10" height="10" alt="' . $GLOBALS['strBrowse'] . '" /></a>' . "\n"
.'<a href="' . $href . '" title="' . $table['Comment'] .'<a href="' . $href . '" title="' . htmlspecialchars($table['Comment']
.' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')"' .' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows']) . ')"'
.' id="' . htmlspecialchars($table_db . '.' . $table['Name']) . '">' .' id="' . htmlspecialchars($table_db . '.' . $table['Name']) . '">'
. htmlspecialchars($table['disp_name']) . '</a>'; . htmlspecialchars($table['disp_name']) . '</a>';
echo '</li>' . "\n"; echo '</li>' . "\n";