bug #1603660, incorrect escaping
This commit is contained in:
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
|
||||
$Id$
|
||||
$Source$
|
||||
|
||||
2006-12-06 Marc Delisle <lem9@users.sourceforge.net>
|
||||
* libraries/import.lib.php, /common.lib.php: bug #1603660,
|
||||
incorrect escaping of ">"
|
||||
|
||||
2006-12-05 Marc Delisle <lem9@users.sourceforge.net>
|
||||
* server_privileges.php: Grant all privileges on wildcard name: we should
|
||||
really grant on username\_ instead of username_
|
||||
|
@@ -1572,7 +1572,7 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
|
||||
/* SQL-Parser-Analyzer */
|
||||
$query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base);
|
||||
} else {
|
||||
$query_base = htmlspecialchars($local_query);
|
||||
$query_base = $local_query;
|
||||
}
|
||||
|
||||
// Parse SQL if needed
|
||||
|
@@ -171,6 +171,9 @@ function PMA_importRunQuery($sql = '', $full = '')
|
||||
$sql_query_disabled = TRUE;
|
||||
}
|
||||
}
|
||||
if (! empty($sql_query)) {
|
||||
$sql_query = htmlspecialchars($sql_query);
|
||||
}
|
||||
}
|
||||
} // end do query (no skip)
|
||||
} // end buffer exists
|
||||
|
Reference in New Issue
Block a user