nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix XSS on dbname.

Browse Source
This commit is contained in:
Michal Čihař
2010-08-18 12:22:19 +02:00
parent 0fe30236fa
commit 8b8ce64792
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server_privileges.php
View File

@@ -1595,7 +1595,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
} else { } else {
echo ' - ' . $GLOBALS['strDatabase']; echo ' - ' . $GLOBALS['strDatabase'];
} }
$url_dbname = urlencode(str_replace('\_', '_', $dbname)); $url_dbname = htmlspecialchars(urlencode(str_replace('\_', '_', $dbname)));
echo ' <i><a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;reload=1">' . htmlspecialchars($dbname) . '</a></i>' . "\n"; echo ' <i><a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;reload=1">' . htmlspecialchars($dbname) . '</a></i>' . "\n";
if (isset($tablename) && strlen($tablename)) { if (isset($tablename) && strlen($tablename)) {
echo ' - ' . $GLOBALS['strTable'] . ' <i><a href="' . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;table=' . urlencode($tablename) . '&amp;reload=1">' . htmlspecialchars($tablename) . '</a></i>' . "\n"; echo ' - ' . $GLOBALS['strTable'] . ' <i><a href="' . $GLOBALS['cfg']['DefaultTabTable'] . '?' . $GLOBALS['url_query'] . '&amp;db=' . $url_dbname . '&amp;table=' . urlencode($tablename) . '&amp;reload=1">' . htmlspecialchars($tablename) . '</a></i>' . "\n";
@@ -1841,14 +1841,14 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
. ' <td>'; . ' <td>';
printf($link_edit, urlencode($username), printf($link_edit, urlencode($username),
urlencode($hostname), urlencode($hostname),
urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname), htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name'])); urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
echo '</td>' . "\n" echo '</td>' . "\n"
. ' <td>'; . ' <td>';
if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) { if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
printf($link_revoke, urlencode($username), printf($link_revoke, urlencode($username),
urlencode($hostname), urlencode($hostname),
urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname), htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name'])); urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
} }
echo '</td>' . "\n" echo '</td>' . "\n"