nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Force pos to be integer to avoid XSS.

Browse Source
This commit is contained in:
Michal Čihař
2006-11-17 08:47:26 +00:00
parent 1042770109
commit 6c06cb72d2
24 changed files with 166 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libraries/tbl_properties.inc.php
View File

@@ -43,7 +43,7 @@ function display_field_options(field_type, i) {
</script>
<?php } ?>
<form method="post" action="<?php echo $action; ?>" onsubmit="return checkTableEditForm(this, <?php echo $num_fields; ?>)" >
<form method="post" action="<?php echo $action; ?>">
<?php
echo PMA_generate_common_hidden_inputs($db, $table);
if ($action == 'tbl_create.php') {
@@ -673,7 +673,7 @@ if ($action == 'tbl_create.php') {
?>
<fieldset class="tblFooters">
<input type="submit" name="do_save_data" value="<?php echo $strSave; ?>" />
<input type="submit" name="do_save_data" value="<?php echo $strSave; ?>" onclick="return checkTableEditForm(this.form, <?php echo $num_fields; ?>)" />
<?php if ($action == 'tbl_create.php' || $action == 'tbl_addfield.php') { ?>
<?php echo $GLOBALS['strOr']; ?>
<?php echo sprintf( $strAddFields, '<input type="text" id="added_fields" name="added_fields" size="2" value="1" onfocus="this.select()" />' ); ?>