From 79f778db99ac05e2028166d5a61ed25591e348c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Fri, 12 May 2006 14:33:29 +0000
Subject: [PATCH] Escape user input to avoid XSS.

---
 ChangeLog                | 3 +++
 libraries/footer.inc.php | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index af7520aa8..8a5e40361 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $Source$
 
+2006-05-12 Michal Čihař  <michal@cihar.com>
+    * libraries/footer.inc.php: Escape user input to avoid XSS.
+
 2006-05-06 Michal Čihař  <michal@cihar.com>
     * Documentation.html: Describe better regullar expressions in hide_db
       (patch #1482049, thanks to Isaac Bennetch - ibennetch).
diff --git a/libraries/footer.inc.php b/libraries/footer.inc.php
index 8fefe120e..de7acbea5 100644
--- a/libraries/footer.inc.php
+++ b/libraries/footer.inc.php
@@ -25,7 +25,7 @@ if (! isset($GLOBALS['no_history']) && isset($GLOBALS['db'])
     $table = isset($GLOBALS['table']) ? $GLOBALS['table'] : ''; ?>
 // updates current settings
 if (window.parent.setAll) {
-    window.parent.setAll('<?php echo $GLOBALS['lang']; ?>', '<?php echo $GLOBALS['collation_connection']; ?>', '<?php echo $GLOBALS['server']; ?>', '<?php echo $GLOBALS['db']; ?>', '<?php echo $table; ?>');
+    window.parent.setAll('<?php echo $GLOBALS['lang']; ?>', '<?php echo htmlspecialchars($GLOBALS['collation_connection']); ?>', '<?php echo $GLOBALS['server']; ?>', '<?php echo htmlspecialchars($GLOBALS['db']); ?>', '<?php echo htmlspecialchars($table); ?>');
 }
 <?php } ?>
 
@@ -54,9 +54,9 @@ if (! isset($GLOBALS['no_history']) && empty($GLOBALS['error_message'])) {
 // set current db, table and sql query in the querywindow
 if (window.parent.refreshLeft) {
     window.parent.reload_querywindow(
-        "<?php echo isset($GLOBALS['db']) ? addslashes($GLOBALS['db']) : '' ?>",
-        "<?php echo isset($GLOBALS['table']) ? addslashes($GLOBALS['table']) : '' ?>",
-        "<?php echo isset($GLOBALS['sql_query']) ? urlencode($GLOBALS['sql_query']) : ''; ?>");
+        "<?php echo isset($GLOBALS['db']) ? htmlspecialchars(addslashes($GLOBALS['db'])) : '' ?>",
+        "<?php echo isset($GLOBALS['table']) ? htmlspecialchars(addslashes($GLOBALS['table'])) : '' ?>",
+        "<?php echo isset($GLOBALS['sql_query']) ? htmlspecialchars(urlencode($GLOBALS['sql_query'])) : ''; ?>");
 }
 <?php } ?>