[security] XSS: Insufficient output sanitizing in bookmarks

ChangeLog

@@ -15,6 +15,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #2809930 [setup] Notice: Undefined variable: k in setup/index.php
 - bug [features] Incorrect report of missing relational features 
 
+3.2.0.1 (2009-06-30)
+- [security] XSS: Insufficient output sanitizing in bookmarks 
+
 3.2.0.0 (2009-06-15)
 - [core] better support for vendor customisation (based on what Debian needs)
 + rfe #2127987 warn when session.gc_maxlifetime is less than cookie validity

libraries/common.lib.php

@@ -305,7 +305,7 @@ function PMA_formatSql($parsed_sql, $unparsed_sql = '')
     // well, not quite
     // first check for the SQL parser having hit an error
     if (PMA_SQP_isError()) {
-        return $parsed_sql;
+        return htmlspecialchars($parsed_sql['raw']); 
     }
     // then check for an array
     if (!is_array($parsed_sql)) {

sql.php

@@ -311,7 +311,7 @@ if (isset($GLOBALS['show_as_php']) || !empty($GLOBALS['validatequery'])) {
                 $table = '';
             }
             $active_page = $goto;
-            $message = PMA_Message::rawError($error);
+            $message = htmlspecialchars(PMA_Message::rawError($error));
             /**
              * Go to target path.
              */