fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group

Sebastian Mendel
2007-11-09 19:27:37 +00:00
parent 01574baa55
commit 6225d4533a
2 changed files with 17 additions and 12 deletions


@@ -7,6 +7,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
2.11.2.1 (not yet released) 2.11.2.1 (not yet released)
- fixed possible SQL injection using database name - fixed possible SQL injection using database name
- fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group
2.11.2.0 (2007-10-27) 2.11.2.0 (2007-10-27)
- patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard - patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard


@@ -378,25 +378,29 @@ require_once './libraries/List.class.php';
$selected = $this->getDefault(); $selected = $this->getDefault();
} }
$return = '<ul id="databaseList" xml:lang="en" dir="ltr">' . "\n"; $return = '<ul id="databaseList" xml:lang="en" dir="ltr">' . "\n";
foreach ($this->getGroupedDetails($offset, $count) as $group => $dbs) { foreach ($this->getGroupedDetails($offset, $count) as $group => $dbs) {
if (count($dbs) > 1) { if (count($dbs) > 1) {
$return .= '<li>' . $group . '<ul>' . "\n"; $return .= '<li>' . htmlspecialchars($group) . '<ul>' . "\n";
// wether display db_name cuted by the group part // wether display db_name cuted by the group part
$cut = true; $cut = htmlspecialchars($db['disp_name_cut']);
} else { } else {
// .. or full // .. or full
$cut = false; $cut = htmlspecialchars($db['disp_name']);
} }
foreach ($dbs as $db) { foreach ($dbs as $db) {
$return .= '<li'; $return .= '<li';
if ($db['name'] == $selected) { if ($db['name'] == $selected) {
$return .= ' class="selected"'; $return .= ' class="selected"';
} }
$return .= '><a' . (! empty($db['comment']) ? ' title="' . $db['comment'] . '"' : '') . ' href="index.php?' . PMA_generate_common_url($db['name']) . '" target="_parent">'; $return .= '><a';
$return .= ($cut ? $db['disp_name_cut'] : $db['disp_name']) if (! empty($db['comment'])) {
.' (' . $db['num_tables'] . ')'; $return .= ' title="' . htmlspecialchars($db['comment']) . '"';
$return .= '</a></li>' . "\n"; }
$return .= ' href="index.php?' . PMA_generate_common_url($db['name'])
. '" target="_parent">';
$return .= $cut .' (' . $db['num_tables'] . ')';
$return .= '</a></li>' . "\n";
} }
if (count($dbs) > 1) { if (count($dbs) > 1) {
$return .= '</ul></li>' . "\n"; $return .= '</ul></li>' . "\n";