Fix XSS on database comment, thanks to laurent gaffié.

Michal Čihař
2006-11-18 19:33:17 +00:00
parent 7eb6cf3c34
commit 6215e201eb
2 changed files with 4 additions and 2 deletions


@@ -9,6 +9,8 @@ $Source$
* Documentation.html, libraries/ip_allow_deny.lib.php: Define headers * Documentation.html, libraries/ip_allow_deny.lib.php: Define headers
which to trust in configuration, thanks for help with this to Christian which to trust in configuration, thanks for help with this to Christian
Schmidt, Peytz & Co. Schmidt, Peytz & Co.
* libraries/common.lib.php: Fix XSS on database comment, thanks to laurent
gaffié.
2006-11-18 Marc Delisle <lem9@users.sourceforge.net> 2006-11-18 Marc Delisle <lem9@users.sourceforge.net>
* index.php, libraries/common.lib.php: undefined index * index.php, libraries/common.lib.php: undefined index


@@ -180,11 +180,11 @@ function PMA_getHtmlSelectDb($selected = '')
} }
foreach ($dbs as $db) { foreach ($dbs as $db) {
$return .= '<option value="' . $db['name'] . '"' $return .= '<option value="' . $db['name'] . '"'
.' title="' . $db['comment'] . '"'; .' title="' . htmlspecialchars($db['comment']) . '"';
if ($db['name'] == $selected) { if ($db['name'] == $selected) {
$return .= ' selected="selected"'; $return .= ' selected="selected"';
} }
$return .= '>' . ($cut ? $db['disp_name_cut'] : $db['disp_name']) $return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
.' (' . $db['num_tables'] . ')</option>' . "\n"; .' (' . $db['num_tables'] . ')</option>' . "\n";
} }
if (count($dbs) > 1) { if (count($dbs) > 1) {
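Review bot: `$db['name']` is still concatenated unescaped into the `value="…"` attribute on the `<option value=` line, while the same loop now escapes `$db['comment']` and the displayed name. MySQL identifiers can contain double quotes and angle brackets, so unless the name is encoded before this loop (not visible in the hunk), it can break out of the attribute just as the comment could. I would change that line to `$return .= '<option value="' . htmlspecialchars($db['name']) . '"'`. The browser decodes the entities on submit, so the posted database name stays the same. The body of PMA_getHtmlSelectDb starts and ends outside the hunk, so it is worth checking where `$dbs` is built to confirm that none of these fields is already encoded, which would make the new calls double-escape.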