nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix merge conflicts

Browse Source
This commit is contained in:
Marc Delisle
2011-12-14 07:54:50 -05:00
parent c93200a5bc 0e707906e6
commit ba255de1b2
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -12,6 +12,8 @@ phpMyAdmin - ChangeLog
- bug #3449659 [navi] Fast filter broken with table tree - bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression - bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension - [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
3.4.8.0 (2011-12-01) 3.4.8.0 (2011-12-01)
- bug #3425230 [interface] enum data split at space char (more space to edit) - bug #3425230 [interface] enum data split at space char (more space to edit)

2
libraries/config/ConfigFile.class.php
View File

@@ -425,7 +425,7 @@ class ConfigFile
return htmlspecialchars($verbose); return htmlspecialchars($verbose);
} }
$host = $this->get("Servers/$id/host"); $host = $this->get("Servers/$id/host");
return empty($host) ? 'localhost' : $host; return empty($host) ? 'localhost' : htmlspecialchars($host);
} }
/** /**

6
libraries/display_export.lib.php
View File

@@ -150,10 +150,10 @@ if(isset($_GET['sql_query'])) {
echo '<label for ="radio_allrows_0">' . __('Dump some row(s)') . '</label>'; ?> echo '<label for ="radio_allrows_0">' . __('Dump some row(s)') . '</label>'; ?>
<ul> <ul>
<li><label for="limit_to"><?php echo __('Number of rows:') . '</label> <input type="text" id="limit_to" name="limit_to" size="5" value="' <li><label for="limit_to"><?php echo __('Number of rows:') . '</label> <input type="text" id="limit_to" name="limit_to" size="5" value="'
. ((isset($_GET['limit_to'])) ? $_GET['limit_to'] : ((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table)))) . ((isset($_GET['limit_to'])) ? htmlspecialchars($_GET['limit_to']) : ((isset($unlim_num_rows) ? $unlim_num_rows : PMA_Table::countRecords($db, $table))))
. '" onfocus="this.select()" />' ?></li> . '" onfocus="this.select()" />' ?></li>
<li><label for="limit_from"><?php echo __('Row to begin at:') . '</label> <input type="text" id="limit_from" name="limit_from" value="' <li><label for="limit_from"><?php echo __('Row to begin at:') . '</label> <input type="text" id="limit_from" name="limit_from" value="'
. ((isset($_GET['limit_from'])) ? $_GET['limit_from'] : '0') . ((isset($_GET['limit_from'])) ? htmlspecialchars($_GET['limit_from']) : '0')
. '" size="5" onfocus="this.select()" />'; ?></li> . '" size="5" onfocus="this.select()" />'; ?></li>
</ul> </ul>
</li> </li>
@@ -242,7 +242,7 @@ if(isset($_GET['sql_query'])) {
<?php <?php
echo ' value="'; echo ' value="';
if(isset($_GET['filename_template'])) { if(isset($_GET['filename_template'])) {
echo $_GET['filename_template']; echo htmlspecialchars($_GET['filename_template']);
} else { } else {
if ($export_type == 'database') { if ($export_type == 'database') {
echo htmlspecialchars($GLOBALS['PMA_Config']->getUserValue( echo htmlspecialchars($GLOBALS['PMA_Config']->getUserValue(