it should not be possible to move or copy a table to information_schema

This commit is contained in:
Marc Delisle
2007-10-14 12:23:22 +00:00
parent ac69f1cad1
commit 95e7183664
3 changed files with 10 additions and 5 deletions

View File

@@ -28,6 +28,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
+ [lang] Croatian update, thanks to Renato Pavicic
- patch #1807615 [GUI] Display patch for column rights in Opera
- bug #1811519 Can't delete user with a german umlaut.
- it should not be possible to move or copy a table to information_schema
2.11.1.1 (not yet released)
- bug #1810629 [setup] XSS in setup.php, thanks to Omer Singer, The DigiTrust Group

View File

@@ -113,12 +113,13 @@
* returns HTML <option>-tags to be used inside <select></select>
*
* @uses PMA_List::$items to build up the option items
* @uses PMA_List::getDefault() to mark this as sleected if requested
* @uses PMA_List::getDefault() to mark this as selected if requested
* @uses htmlspecialchars() to escape items
* @param mixed $selected the selected db or true for selecting current db
* @param boolean $include_information_schema
* @return string HTML option tags
*/
function getHtmlOptions($selected = '')
function getHtmlOptions($selected = '', $include_information_schema = true)
{
if (true === $selected) {
$selected = $this->getDefault();
@@ -126,6 +127,9 @@
$options = '';
foreach ($this->items as $each_db) {
if (false === $include_information_schema && 'information_schema' === $each_db) {
continue;
}
$options .= '<option value="' . htmlspecialchars($each_db) . '"';
if ($selected === $each_db) {
$options .= ' selected="selected"';
@@ -154,4 +158,4 @@
*/
/* abstract public */ function build() {}
}
?>
?>

View File

@@ -197,7 +197,7 @@ unset($columns);
<fieldset id="fieldset_table_rename">
<legend><?php echo $strMoveTable; ?></legend>
<select name="target_db">
<?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(); ?>
<?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(true, false); ?>
</select>
&nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" onfocus="this.select()"
@@ -347,7 +347,7 @@ if (isset($auto_increment) && strlen($auto_increment) > 0
<fieldset>
<legend><?php echo $strCopyTable; ?></legend>
<select name="target_db">
<?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(true); ?>
<?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(true, false); ?>
</select>
&nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" onfocus="this.select()" /><br />