From bee36e92a8c21e3ca0dc9502b64c9a03e4e0ca3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Mon, 21 Nov 2005 12:03:12 +0000
Subject: [PATCH] Escape verbose server name (bug #1362671).

---
 ChangeLog | 3 +++
 libraries/auth/cookie.auth.lib.php | 4 ++--
 libraries/select_server.lib.php | 6 +++---
 main.php | 2 +-
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 19d565117..66599fe2a 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@ $Source$
 ignored for 2.7.0 release.
 * libraries/common.lib.php: Make code more redable, default to MySQL 5.0
 documentation as it is latest stable version.
+ * main.php, libraries/select_server.lib.php,
+ libraries/auth/cookie.auth.lib.php: Escape verbose server name (bug
+ #1362671).
 2005-11-20 Marc Delisle
 ### 2.7.0-rc1 released
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index ae5c51374..0a2aabbdd 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -266,9 +266,9 @@ if (top != self) {
 }
 echo '>';
 if ($val['verbose'] != '') {
- echo $val['verbose'];
+ echo htmlspecialchars($val['verbose']);
 } else {
- echo $val['host'];
+ echo htmlspecialchars($val['host']);
 if (!empty($val['port'])) {
 echo ':' . $val['port'];
 }
diff --git a/libraries/select_server.lib.php b/libraries/select_server.lib.php
index b56008c39..307d5ba9f 100644
--- a/libraries/select_server.lib.php
+++ b/libraries/select_server.lib.php
@@ -45,12 +45,12 @@ if (count($cfg['Servers']) > 1) {
 if ($cfg['DisplayServersList']){
 if ($selected && !$show_server_left) {
- echo '» ' . $label . '
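Review bot: `$val['port']` is still echoed unescaped on the `echo ':' . $val['port'];` context line, two lines below the new `htmlspecialchars($val['host'])` call, so the host branch of this hunk is only half escaped; for consistency with the change write `echo ':' . htmlspecialchars($val['port']);` (or `(int) $val['port']` if the port is always numeric). The tag whose `>` is emitted by the `echo '>';` context line is opened before this hunk, so whether the server value written into that tag's attributes is escaped cannot be checked here. `htmlspecialchars()` is used with its default flags, which is enough for text between tags but leaves single quotes alone, so `ENT_QUOTES` would be needed if the same value is ever placed inside a single-quoted attribute.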
'; + echo '» ' . htmlspecialchars($label) . '
'; }else{ - echo '» ' . $label . '
'; + echo '» ' . htmlspecialchars($label) . '
'; } } else { - echo ' ' . "\n"; + echo ' ' . "\n"; } } // end if (!empty($val['host'])) diff --git a/main.php b/main.php index 626394a9a..63371aa63 100644 --- a/main.php +++ b/main.php @@ -88,7 +88,7 @@ if ( $server > 0 ) { unset($res, $row); $full_string = str_replace('%pma_s1%', '' . PMA_MYSQL_STR_VERSION . '', $strMySQLServerProcess); - $full_string = str_replace('%pma_s2%', $server_info, $full_string); + $full_string = str_replace('%pma_s2%', htmlspecialchars($server_info), $full_string); $full_string = str_replace('%pma_s3%', htmlspecialchars($mysql_cur_user_and_host), $full_string); echo '
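Review bot: The third removed/added pair in this hunk, the `else` branch's `echo ' ' . "\n";`, reads identically on both sides in this rendering because its markup was stripped, so the actual change there (presumably escaping `$label` inside that markup) cannot be reviewed from what is shown; confirm in the file that `$label` is wrapped in `htmlspecialchars()` in that branch as well, otherwise the list-display path is escaped but the non-list path is not. The two visible `$label` echoes are escaped with default `htmlspecialchars()` flags, which is correct for element text; if `$label` is also written into a single-quoted attribute in the stripped markup, that use needs `ENT_QUOTES`. The enclosing `if (!empty($val['host']))` block and the loop it belongs to begin before this hunk.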

' . $full_string . '

' . "\n";
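Review bot: `PMA_MYSQL_STR_VERSION` is still substituted into `%pma_s1%` unescaped on the context line directly above the changed `%pma_s2%` line, while `%pma_s2%` and `%pma_s3%` are now both passed through `htmlspecialchars()`. Judging by its name the constant holds a string reported by the connected server, so it belongs in the same category as `$server_info`; for consistency with this commit replace the bare constant with `htmlspecialchars(PMA_MYSQL_STR_VERSION)` in that `str_replace()` call. The markup inside the following `echo` statement appears stripped in this rendering, so its surrounding tags could not be checked.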