security fixes

Michal Čihař
2007-01-09 09:50:49 +00:00
parent acbfe50ca9
commit bcc5684a84
4 changed files with 26 additions and 17 deletions


@@ -1156,7 +1156,7 @@ if (!defined('PMA_MINIMUM_COMMON')) {
'\'' => '\\\'',
"\n" => '\n',
"\r" => '\r',
'</script' => '<\' + \'script'));
'</script' => '</\' + \'script'));
}
/**
@@ -2746,7 +2746,7 @@ if (isset($_REQUEST['convcharset'])) {
* @global string $GLOBALS['db']
*/
$GLOBALS['db'] = '';
if (isset($_REQUEST['db'])) {
if (isset($_REQUEST['db']) && is_string($_REQUEST['db'])) {
// can we strip tags from this?
// only \ and / is not allowed in db names for MySQL
$GLOBALS['db'] = $_REQUEST['db'];
@@ -2758,7 +2758,7 @@ if (isset($_REQUEST['db'])) {
* @global string $GLOBALS['table']
*/
$GLOBALS['table'] = '';
if (isset($_REQUEST['table'])) {
if (isset($_REQUEST['table']) && is_string($_REQUEST['table'])) {
// can we strip tags from this?
// only \ and / is not allowed in table names for MySQL
$GLOBALS['table'] = $_REQUEST['table'];
@@ -2769,7 +2769,7 @@ if (isset($_REQUEST['table'])) {
* sql query to be executed
* @global string $GLOBALS['sql_query']
*/
if (isset($_REQUEST['sql_query'])) {
if (isset($_REQUEST['sql_query']) && is_string($_REQUEST['sql_query'])) {
$GLOBALS['sql_query'] = $_REQUEST['sql_query'];
}
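Review bot: In the last hunk, a non-string `sql_query` request value now skips the assignment, but nothing visible resets `$GLOBALS['sql_query']` beforehand, whereas the `db` and `table` hunks both start from `$GLOBALS['db'] = '';` and `$GLOBALS['table'] = '';`. If the global can already hold a request-derived value at this point (for example with register_globals enabled, which is not visible here), that value would be left in place and the new `is_string()` guard would not stop it. Consider clearing it ahead of the check with `unset($GLOBALS['sql_query']);`, or in an `else` branch, after confirming that no earlier code sets it on purpose. The surrounding code starts and ends outside the hunks, so an earlier reset cannot be ruled out from this view.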