Fix XSS on dbname.

Michal Čihař
2010-08-18 12:07:45 +02:00
parent 2a1233b69c
commit 6028221d97


@@ -1600,7 +1600,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
if (isset($tablename)) { if (isset($tablename)) {
echo ' <i><a href="server_privileges.php?' . $GLOBALS['url_query'] echo ' <i><a href="server_privileges.php?' . $GLOBALS['url_query']
. '&amp;username=' . urlencode($username) . '&amp;hostname=' . urlencode($hostname) . '&amp;username=' . urlencode($username) . '&amp;hostname=' . urlencode($hostname)
. '&amp;dbname=' . $url_dbname . '&amp;tablename=">' . htmlspecialchars($dbname) . '</a></i>'; . '&amp;dbname=' . htmlspecialchars($url_dbname) . '&amp;tablename=">' . htmlspecialchars($dbname) . '</a></i>';
echo ' - ' . $GLOBALS['strTable'] . ' <i>' . htmlspecialchars($tablename) . '</i>'; echo ' - ' . $GLOBALS['strTable'] . ' <i>' . htmlspecialchars($tablename) . '</i>';
} else { } else {
echo ' <i>' . htmlspecialchars($dbname) . '</i>'; echo ' <i>' . htmlspecialchars($dbname) . '</i>';
@@ -1836,14 +1836,14 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
. ' <td>'; . ' <td>';
printf($link_edit, urlencode($username), printf($link_edit, urlencode($username),
urlencode($hostname), urlencode($hostname),
urlencode((! isset($dbname)) ? $row['Db'] : $dbname), urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)),
urlencode((! isset($dbname)) ? '' : $row['Table_name'])); urlencode((! isset($dbname)) ? '' : $row['Table_name']));
echo '</td>' . "\n" echo '</td>' . "\n"
. ' <td>'; . ' <td>';
if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) { if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
printf($link_revoke, urlencode($username), printf($link_revoke, urlencode($username),
urlencode($hostname), urlencode($hostname),
urlencode((! isset($dbname)) ? $row['Db'] : $dbname), urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)),
urlencode((! isset($dbname)) ? '' : $row['Table_name'])); urlencode((! isset($dbname)) ? '' : $row['Table_name']));
} }
echo '</td>' . "\n" echo '</td>' . "\n"
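Review bot: In the second hunk, the `$link_edit` and `$link_revoke` arguments now call `htmlspecialchars($dbname)` inside `urlencode()`, which applies the two encodings in the wrong order. `urlencode()` output already contains only characters that are inert in an HTML attribute, so the inner call adds no XSS protection, while a database name containing `&` is now sent as `%26amp%3B` and the link points at a different name. The `$row['Db']` branch of the same ternary is left as it was, so the two branches are encoded differently; I would keep `urlencode((! isset($dbname)) ? $row['Db'] : $dbname)` and apply `htmlspecialchars()` at the point where a value is written into markup unencoded. In the first hunk, `htmlspecialchars($url_dbname)` is the right call for the `href` attribute only if `$url_dbname` is already URL-encoded; its assignment is outside the hunk, so that should be confirmed. The enclosing `if` block starts and ends outside both hunks.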