From bc45a1048d2f5ca8a532f774ddb1dd80985dff3d Mon Sep 17 00:00:00 2001
From: Rouslan Placella <rouslan@placella.com>
Date: Tue, 22 Nov 2011 12:38:22 -0500
Subject: [PATCH] [security] Self-XSS on column type (Create index), see
 PMASA-2011-18

---
 ChangeLog       | 1 +
 tbl_indexes.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index be1e9ead4..f7eb3e5d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@ phpMyAdmin - ChangeLog
 - [interface] Avoid showing the password in phpinfo()'s output
 - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
 - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
+- [security] Self-XSS on column type (Create index), see PMASA-2011-18
 
 3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import
diff --git a/tbl_indexes.php b/tbl_indexes.php
index 54923a0f8..ac3238721 100644
--- a/tbl_indexes.php
+++ b/tbl_indexes.php
@@ -200,7 +200,7 @@ foreach ($index->getColumns() as $column) {
          || preg_match('/(char|text)/i', $field_type)) {
             echo '<option value="' . htmlspecialchars($field_name) . '"'
                  . (($field_name == $column->getName()) ? ' selected="selected"' : '') . '>'
-                 . htmlspecialchars($field_name) . ' [' . $field_type . ']'
+                 . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
                  . '</option>' . "\n";
         }
     } // end foreach $fields
@@ -222,7 +222,7 @@ for ($i = 0; $i < $add_fields; $i++) {
     <?php
     foreach ($fields as $field_name => $field_type) {
         echo '<option value="' . htmlspecialchars($field_name) . '">'
-             . htmlspecialchars($field_name) . ' [' . $field_type . ']'
+             . htmlspecialchars($field_name) . ' [' . htmlspecialchars($field_type) . ']'
              . '</option>' . "\n";
     } // end foreach $fields
     ?>