Fix XSS on database comment, thanks to laurent gaffié.

This commit is contained in:
Michal Čihař
2006-11-18 19:33:17 +00:00
parent 7eb6cf3c34
commit 6215e201eb
2 changed files with 4 additions and 2 deletions

View File

@@ -9,6 +9,8 @@ $Source$
* Documentation.html, libraries/ip_allow_deny.lib.php: Define headers
which to trust in configuration, thanks for help with this to Christian
Schmidt, Peytz & Co.
* libraries/common.lib.php: Fix XSS on database comment, thanks to laurent
gaffié.
2006-11-18 Marc Delisle <lem9@users.sourceforge.net>
* index.php, libraries/common.lib.php: undefined index

View File

@@ -180,11 +180,11 @@ function PMA_getHtmlSelectDb($selected = '')
}
foreach ($dbs as $db) {
$return .= '<option value="' . $db['name'] . '"'
.' title="' . $db['comment'] . '"';
.' title="' . htmlspecialchars($db['comment']) . '"';
if ($db['name'] == $selected) {
$return .= ' selected="selected"';
}
$return .= '>' . ($cut ? $db['disp_name_cut'] : $db['disp_name'])
$return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
.' (' . $db['num_tables'] . ')</option>' . "\n";
}
if (count($dbs) > 1) {