nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security fixes

Browse Source
This commit is contained in:
Michal Čihař
2007-01-09 09:49:30 +00:00
parent c9d93f6394
commit 8fe835ac06
4 changed files with 26 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libraries/common.lib.php
View File

@@ -1408,7 +1408,7 @@ if (!defined('PMA_MINIMUM_COMMON')) {
'\'' => '\\\'',
"\n" => '\n',
"\r" => '\r',
'</script' => '<\' + \'script'));
'</script' => '</\' + \'script'));
}
/**
@@ -2946,7 +2946,7 @@ if (isset($_REQUEST['convcharset'])) {
/**
* @var string $db current selected database
*/
if (isset($_REQUEST['db'])) {
if (isset($_REQUEST['db']) && is_string($_REQUEST['db'])) {
// can we strip tags from this?
// only \ and / is not allowed in db names for MySQL
$GLOBALS['db'] = $_REQUEST['db'];
@@ -2958,7 +2958,7 @@ if (isset($_REQUEST['db'])) {
/**
* @var string $db current selected database
*/
if (isset($_REQUEST['table'])) {
if (isset($_REQUEST['table']) && is_string($_REQUEST['table'])) {
// can we strip tags from this?
// only \ and / is not allowed in table names for MySQL
$GLOBALS['table'] = $_REQUEST['table'];
@@ -2970,7 +2970,7 @@ if (isset($_REQUEST['table'])) {
/**
* @var string $sql_query sql query to be executed
*/
if (isset($_REQUEST['sql_query'])) {
if (isset($_REQUEST['sql_query']) && is_string($_REQUEST['sql_query'])) {
$GLOBALS['sql_query'] = $_REQUEST['sql_query'];
}