From f805097b86fabd3d4c8dff1f2324efdae1ca0d70 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Thu, 25 Nov 2010 11:50:50 +0100
Subject: [PATCH 1/4] bug #3115519: fixed XSS on search

---
 libraries/common.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 610438c1e..b926e923d 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1634,7 +1634,7 @@ function PMA_linkOrButton($url, $message, $tag_params = array(),
         $tmp = $tag_params;
         $tag_params = array();
         if (!empty($tmp)) {
-            $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')';
+            $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')';
         }
         unset($tmp);
     }

From b1103e2db99405d032a230ed50f0b88b799605a3 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Fri, 26 Nov 2010 09:07:19 -0500
Subject: [PATCH 2/4] fix merge conflicts

---
 ChangeLog | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 65fed962e..41c784fce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - patch #3117535 [replication] Add quotes to database in initial statement,
   thanks to Craig Duncan - duncan3dc
 
+3.3.8.1 (2010-10-26)
+- bug #3115519 (private) [security] XSS on db search
+
 3.3.8.0 (2010-10-25)
 - bug #3059311 [import] BIGINT field type added to table analysis
 - [core] Update library PHPExcel to version 1.7.4
@@ -27,9 +30,6 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 3.3.7.0 (2010-09-07)
 - patch #3050492 [PDF scratchboard] Cannot drag table box to the edge after
   a page size increase, thanks to Martin Schönberger - mad05
-- bug #3054458 [core] Fixed displaying number of rows.
-- bug #3035300 [parser] Fixed wrong definition of keywords.
-- [setup] Fixed escaping of server name.
 
 3.3.6.0 (2010-08-28)
 - bug #3033063 [core] Navi gets wrong db name

From bc0b9fa744bd1b1a7ff460f728248e581ee106f0 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Mon, 29 Nov 2010 13:01:59 -0500
Subject: [PATCH 3/4] 3.3.8.1 correct release date and PMASA ref

---
 ChangeLog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 41c784fce..f25d22525 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,8 +14,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - patch #3117535 [replication] Add quotes to database in initial statement,
   thanks to Craig Duncan - duncan3dc
 
-3.3.8.1 (2010-10-26)
-- bug #3115519 (private) [security] XSS on db search
+3.3.8.1 (2010-11-29)
+- bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8
 
 3.3.8.0 (2010-10-25)
 - bug #3059311 [import] BIGINT field type added to table analysis

From 2ba852dc5ca3dc9d2697ee29bd11ad61ab987553 Mon Sep 17 00:00:00 2001
From: Adnan <hiddenpearls@gmail.com>
Date: Thu, 9 Dec 2010 08:01:51 -0500
Subject: [PATCH 4/4] bug #3112614 [pdf schema] Scratchboard for PDF pages not
 working

---
 ChangeLog     | 1 +
 pdf_pages.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index f25d22525..dca7d9d66 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1762306 [core] Copy database with view of a view
 - patch #3117535 [replication] Add quotes to database in initial statement,
   thanks to Craig Duncan - duncan3dc
+- bug #3112614 [pdf schema] Scratchboard for PDF pages not working
 
 3.3.8.1 (2010-11-29)
 - bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8
diff --git a/pdf_pages.php b/pdf_pages.php
index 4ec060132..a196b9b47 100644
--- a/pdf_pages.php
+++ b/pdf_pages.php
@@ -351,7 +351,7 @@ foreach ($array_sh_page AS $key => $temp_sh_page) {
     $drag_y = $temp_sh_page['y'];
 
     $draginit2      .= ' Drag.init(getElement("table_' . $i . '"), null, 0, parseInt(myid.style.width)-2, 0, parseInt(myid.style.height)-5);' . "\n";
-    $draginit       .= '    getElement("table_' . $i . '").onDrag = function (x, y) { document.edcoord.elements["c_table_' . $i . '[x]"].value = parseInt(x); document.edcoord.elements["c_table_' . $i . '[y]"].value = parseInt(y) }' . "\n";
+    $draginit2      .= '    getElement("table_' . $i . '").onDrag = function (x, y) { document.edcoord.elements["c_table_' . $i . '[x]"].value = parseInt(x); document.edcoord.elements["c_table_' . $i . '[y]"].value = parseInt(y) }' . "\n";
     $draginit       .= '    getElement("table_' . $i . '").style.left = "' . $drag_x . 'px";' . "\n";
     $draginit       .= '    getElement("table_' . $i . '").style.top  = "' . $drag_y . 'px";' . "\n";
     $reset_draginit .= '    getElement("table_' . $i . '").style.left = "2px";' . "\n";