From b031606c08f5548b4295a0c1cf6282ce98c392f6 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Sat, 21 Jun 2008 13:16:05 +0000
Subject: [PATCH] adjust table comments protection to the updated advisory (db print view and db data dictionary)
---
 ChangeLog | 2 +-
 db_datadict.php | 2 +-
 db_printview.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f1a6f611b..1a88deba9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,7 +80,7 @@ danbarry
 - [structure] do not remove the BINARY attribute in drop-down
 - bug #1955386 [session] Overriding session.hash_bits_per_character
 - [interface] sanitize the table comments in table print view,
- thanks to Norman Hippert
+ db print view and db data dictionary, thanks to Norman Hippert
 - bug #1939031 Auto_Increment selected for TimeStamp by Default
 - patch #1957998 [display] No tilde for InnoDB row counter when we know it for sure, thanks to Vladyslav Bakayev - dandy76
diff --git a/db_datadict.php b/db_datadict.php
index 6409ebef8..18086bb16 100644
--- a/db_datadict.php
+++ b/db_datadict.php
@@ -164,7 +164,7 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) {
 * Displays the comments of the table if MySQL >= 3.23
 */
 if (!empty($show_comment)) {
- echo $strTableComments . ': ' . $show_comment . '

';
+ echo $strTableComments . ': ' . htmlspecialchars($show_comment) . '

';
 }
 /**
diff --git a/db_printview.php b/db_printview.php
index ed9baac80..9b53f0cb4 100644
--- a/db_printview.php
+++ b/db_printview.php
@@ -166,7 +166,7 @@ else { '; } else { $needs_break = '';
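Review bot: Nothing beside the new `htmlspecialchars($show_comment)` call in the db_datadict.php hunk says why the value is escaped, so a later cleanup could drop it again; the docblock above the `if` still only reads "Displays the comments of the table if MySQL >= 3.23". I would add one line there, `* The comment text is chosen by whoever created or altered the table, so it is HTML-escaped before output.` The ChangeLog hunk shows this is already the second pass over the same output (table print view first, now db print view and db data dictionary), so it looks worth checking every other place that echoes a table comment as part of the same change; that cannot be judged from these hunks. The `while` loop that encloses this code starts and ends outside the hunk.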