bug #1603660, incorrect escaping

2006-12-06 17:32:12 +00:00
parent cbfb0eb56c
commit 954c57da69
3 changed files with 8 additions and 1 deletions
--- a/4
+++ b/4
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
 $Id$
 $Source$

+2006-12-06 Marc Delisle  <lem9@users.sourceforge.net>
+    * libraries/import.lib.php, /common.lib.php: bug #1603660, 
+      incorrect escaping of ">"
+
 2006-12-05 Marc Delisle  <lem9@users.sourceforge.net>
    * server_privileges.php: Grant all privileges on wildcard name: we should
      really grant on username\_ instead of username_
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1572,7 +1572,7 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
                 /* SQL-Parser-Analyzer */
                $query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base);
            } else {
-                $query_base = htmlspecialchars($local_query);
+                $query_base = $local_query;
            }

            // Parse SQL if needed
--- a/libraries/import.lib.php
+++ b/libraries/import.lib.php
@@ -171,6 +171,9 @@ function PMA_importRunQuery($sql = '', $full = '')
                        $sql_query_disabled = TRUE;
                    }
                }
+                if (! empty($sql_query)) {
+                    $sql_query = htmlspecialchars($sql_query);
+                }
            }
        } // end do query (no skip)
    } // end buffer exists