From be0f47a93141e2950ad400b8d22a2a98512825c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Wed, 18 Aug 2010 12:13:59 +0200
Subject: [PATCH] Fix XSS on hostname.
---
 server_privileges.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/server_privileges.php b/server_privileges.php
index 0e1afece2..d43896bb3 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -1151,7 +1151,7 @@ if (!empty($update_privs)) {
 }
 $sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
 $message = PMA_Message::success('strUpdatePrivMessage');
- $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . $hostname . '\'');
+ $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
 }
@@ -1175,7 +1175,7 @@ if (isset($_REQUEST['revokeall'])) {
 }
 $sql_query = $sql_query0 . ' ' . $sql_query1;
 $message = PMA_Message::success('strRevokeMessage');
- $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . $hostname . '\'');
+ $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
 if (! isset($tablename)) {
 unset($dbname);
 } else {
@@ -1211,7 +1211,7 @@ if (isset($_REQUEST['change_pw'])) {
 PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
 $message = PMA_Message::success('strPasswordChanged');
- $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . $hostname . '\'');
+ $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
 }
 }
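Review bot: The escaped `'user'@'host'` string is now built by the same long expression at three call sites (the hunks at -1151, -1175 and -1211), and escaping each piece by hand at every `addParam()` call is presumably how `$hostname` came to be left raw in all three. Building the string once per request, for example `$user_host = '\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'';`, and passing `$user_host` to each `addParam()` would leave a single place to audit. Whether `PMA_Message::addParam()` escapes its argument is not visible in this patch, so a one-line comment at the first call stating that the parameter must already be HTML-escaped would document why the caller does it. All three enclosing `if` blocks start or end outside their hunks.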
@@ -1591,7 +1591,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs if (isset($dbname)) { echo ' \'' + . '&hostname=' . htmlspecialchars(urlencode($hostname)) . '&dbname=&tablename=">\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'' . "\n"; $url_dbname = urlencode(str_replace(array('\_', '\%'), array('_', '%'), $dbname)); @@ -1599,7 +1599,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs echo ' - ' . ($dbname_is_wildcard ? $GLOBALS['strDatabases'] : $GLOBALS['strDatabase'] ); if (isset($tablename)) { echo ' ' . htmlspecialchars($dbname) . ''; echo ' - ' . $GLOBALS['strTable'] . ' ' . htmlspecialchars($tablename) . ''; } else { @@ -1835,14 +1835,14 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs echo '' . "\n" . ' '; printf($link_edit, htmlspecialchars(urlencode($username)), - urlencode($hostname), + urlencode(htmlspecialchars($hostname)), urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)), urlencode((! isset($dbname)) ? '' : $row['Table_name'])); echo '' . "\n" . ' '; if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) { printf($link_revoke, htmlspecialchars(urlencode($username)), - urlencode($hostname), + urlencode(htmlspecialchars($hostname)), urlencode((! isset($dbname)) ? $row['Db'] : htmlspecialchars($dbname)), urlencode((! isset($dbname)) ? '' : $row['Table_name'])); }
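Review bot: In the hunk at -1835 both added lines call `urlencode(htmlspecialchars($hostname))`, the reverse of `htmlspecialchars(urlencode($username))` on the line directly above each of them and of the `&hostname=` line added in the hunk at -1591. Escaping for HTML before URL-encoding puts entity text such as `&amp;` inside the parameter value, so a hostname containing `&`, `<`, `>` or `"` would presumably reach the linked page as a different string; the output itself stays inert because `urlencode()` leaves no markup characters behind. I would write `htmlspecialchars(urlencode($hostname)),` in both `printf()` calls so the value is URL-encoded first and then escaped for the attribute. The `$link_edit` and `$link_revoke` format strings are defined outside the hunk, so their exact output context is inferred, and the unchanged `htmlspecialchars($dbname)` inside `urlencode()` on the following context lines has the same ordering.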