nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix XSS on database comment, thanks to laurent gaffié.

Browse Source
This commit is contained in:
Michal Čihař
2006-11-18 19:33:20 +00:00
parent 75a326187b
commit b96715b12d
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -9,6 +9,8 @@ $HeadURL$
* Documentation.html, libraries/ip_allow_deny.lib.php: Define headers * Documentation.html, libraries/ip_allow_deny.lib.php: Define headers
which to trust in configuration, thanks for help with this to Christian which to trust in configuration, thanks for help with this to Christian
Schmidt, Peytz & Co. Schmidt, Peytz & Co.
* libraries/PMA_List_Database.class.php: Fix XSS on database comment,
thanks to laurent gaffié.
2006-11-18 Marc Delisle <lem9@users.sourceforge.net> 2006-11-18 Marc Delisle <lem9@users.sourceforge.net>
* index.php, libraries/common.lib.php, /cleanup.lib.php: undefined index * index.php, libraries/common.lib.php, /cleanup.lib.php: undefined index

6
libraries/PMA_List_Database.class.php
View File

@@ -424,12 +424,12 @@ require_once './libraries/PMA_List.class.php';
$cut = false; $cut = false;
} }
foreach ($dbs as $db) { foreach ($dbs as $db) {
$return .= '<option value="' . $db['name'] . '"' $return .= '<option value="' . htmlspecialchars($db['name']) . '"'
.' title="' . $db['comment'] . '"'; .' title="' . htmlspecialchars($db['comment']) . '"';
if ($db['name'] == $selected) { if ($db['name'] == $selected) {
$return .= ' selected="selected"'; $return .= ' selected="selected"';
} }
$return .= '>' . ($cut ? $db['disp_name_cut'] : $db['disp_name']) $return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
.' (' . $db['num_tables'] . ')</option>' . "\n"; .' (' . $db['num_tables'] . ')</option>' . "\n";
} }
if (count($dbs) > 1) { if (count($dbs) > 1) {