nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix XSS on table comment.

Browse Source
This commit is contained in:
Michal Čihař
2006-11-17 08:59:36 +00:00
parent fb9a3a598e
commit 609eaa7f75
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -8,6 +8,7 @@ $HeadURL$
2006-11-17 Michal Čihař <michal@cihar.com>
* sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid
XSS.
* navigation.php: Fix XSS on table comment.
2006-11-16 Marc Delisle <lem9@users.sourceforge.net>
* pmd_pdf.php: export coordinates to PDF page even if the tables

4
navigation.php
View File

@@ -557,8 +557,8 @@ function PMA_displayTableList($tables, $visible = false,
}
echo ' id="icon_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"'
.' width="10" height="10" alt="' . $GLOBALS['strBrowse'] . '" /></a>' . "\n"
.'<a href="' . $href . '" title="' . $table['Comment']
.' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')"'
.'<a href="' . $href . '" title="' . htmlspecialchars($table['Comment']
.' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows']) . ')"'
.' id="' . htmlspecialchars($table_db . '.' . $table['Name']) . '">'
. htmlspecialchars($table['disp_name']) . '</a>';
echo '</li>' . "\n";