From b289fe082441dc739939b0ba15dae0d9dc6cee92 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Mon, 21 Nov 2011 17:53:10 -0500
Subject: [PATCH] [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
---
 ChangeLog | 1 +
 libraries/server_synchronize.lib.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c4817ff03..e1bae5965 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,7 @@ phpMyAdmin - ChangeLog
 - bug #3439292 [core] Fail to synchronize column with name of keyword
 - bug #3425156 [interface] Add column after drop
 - [interface] Avoid showing the password in phpinfo()'s output
+- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
 3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index c1b9159a7..53ad9d788 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -1335,7 +1335,7 @@ function PMA_syncDisplayHeaderSource($src_db) { echo ''; echo '';
- echo '
' . __('Source database') . ': ' . $src_db . '
('; + echo '
' . __('Source database') . ': ' . htmlspecialchars($src_db) . '
('; if ('cur' == $_SESSION['src_type']) { echo __('Current server'); } else { @@ -1358,7 +1358,7 @@ function PMA_syncDisplayHeaderSource($src_db) { function PMA_syncDisplayHeaderTargetAndMatchingTables($trg_db, $matching_tables) { echo ''; echo ''; - echo '
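Review bot: The new `htmlspecialchars($src_db)` call uses PHP's default flags and charset, so single quotes are not escaped (ENT_QUOTES is not the default in the PHP versions this code targets) and the assumed input encoding depends on the interpreter version; the `$trg_db` hunk at line 1358 has the same shape. The rendering here has stripped the surrounding HTML tags, so the exact output context is not visible; for element text the default is sufficient, but if the name is ever placed in an attribute the unescaped quote would undo the fix, and `htmlspecialchars($src_db, ENT_QUOTES, 'UTF-8')` makes the escaping independent of both the context and the defaults. With an explicit charset an invalid byte sequence makes `htmlspecialchars()` return an empty string, so a malformed name would disappear rather than render unescaped, which is the safer failure mode. `PMA_syncDisplayHeaderSource` continues past this hunk, so any further `echo` of `$src_db` or `$trg_db` in the same functions presumably needs the same treatment; worth confirming against the rest of the file.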
' . __('Target database') . ': '. $trg_db . '
('; + echo '
' . __('Target database') . ': '. htmlspecialchars($trg_db) . '
('; if ('cur' == $_SESSION['trg_type']) { echo __('Current server'); } else {