bug #1603660, incorrect escaping
This commit is contained in:
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
|
|||||||
$Id$
|
$Id$
|
||||||
$Source$
|
$Source$
|
||||||
|
|
||||||
|
2006-12-06 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
|
* libraries/import.lib.php, /common.lib.php: bug #1603660,
|
||||||
|
incorrect escaping of ">"
|
||||||
|
|
||||||
2006-12-05 Marc Delisle <lem9@users.sourceforge.net>
|
2006-12-05 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
* server_privileges.php: Grant all privileges on wildcard name: we should
|
* server_privileges.php: Grant all privileges on wildcard name: we should
|
||||||
really grant on username\_ instead of username_
|
really grant on username\_ instead of username_
|
||||||
|
@@ -1572,7 +1572,7 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
|
|||||||
/* SQL-Parser-Analyzer */
|
/* SQL-Parser-Analyzer */
|
||||||
$query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base);
|
$query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base);
|
||||||
} else {
|
} else {
|
||||||
$query_base = htmlspecialchars($local_query);
|
$query_base = $local_query;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Parse SQL if needed
|
// Parse SQL if needed
|
||||||
|
@@ -171,6 +171,9 @@ function PMA_importRunQuery($sql = '', $full = '')
|
|||||||
$sql_query_disabled = TRUE;
|
$sql_query_disabled = TRUE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (! empty($sql_query)) {
|
||||||
|
$sql_query = htmlspecialchars($sql_query);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} // end do query (no skip)
|
} // end do query (no skip)
|
||||||
} // end buffer exists
|
} // end buffer exists
|
||||||
|
Reference in New Issue
Block a user