port 2.11.7.1 fix
This commit is contained in:
Marc Delisle
@@ -399,7 +399,10 @@ if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['
|
||||
* List of parameters which are allowed from unsafe source
|
||||
*/
|
||||
$allow_list = array(
|
||||
'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',
|
||||
/* needed for direct access, see FAQ 1.34
|
||||
* also, server needed for cookie login screen (multi-server)
|
||||
*/
|
||||
'server', 'db', 'table', 'target',
|
||||
/* Session ID */
|
||||
'phpMyAdmin',
|
||||
/* Cookie preferences */
|
||||
|
||||
@@ -21,7 +21,7 @@ if ($is_create_db_priv) {
|
||||
<?php echo '<label for="text_create_db">' . $strCreateNewDatabase . '</label> ' . PMA_showMySQLDocu('SQL-Syntax', 'CREATE_DATABASE'); ?></strong><br />
|
||||
<?php echo PMA_generate_common_hidden_inputs('', '', 5); ?>
|
||||
<input type="hidden" name="reload" value="1" />
|
||||
<input type="text" name="db" value="<?php echo $db_to_create; ?>" maxlength="64" class="textfield" id="text_create_db"/>
|
||||
<input type="text" name="new_db" value="<?php echo $db_to_create; ?>" maxlength="64" class="textfield" id="text_create_db"/>
|
||||
<?php
|
||||
require_once './libraries/mysql_charsets.lib.php';
|
||||
echo PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_COLLATION, 'db_collation', null, null, TRUE, 5);
|
||||
|
||||
@@ -106,7 +106,8 @@ if (window.parent.setAll) {
|
||||
echo PMA_escapeJsString($GLOBALS['collation_connection']) . "', '";
|
||||
echo PMA_escapeJsString($GLOBALS['server']) . "', '";
|
||||
echo PMA_escapeJsString(PMA_ifSetOr($GLOBALS['db'], '')) . "', '";
|
||||
echo PMA_escapeJsString(PMA_ifSetOr($GLOBALS['table'], '')); ?>');
|
||||
echo PMA_escapeJsString(PMA_ifSetOr($GLOBALS['table'], '')) . "', '";
|
||||
echo PMA_escapeJsString($_SESSION[' PMA_token ']);?>');
|
||||
}
|
||||
<?php
|
||||
if (! empty($GLOBALS['reload'])) {
|
||||
|
||||
Reference in New Issue
Block a user