Fixed regexp quoting issue in Synchronize code
This commit is contained in:
Herman van Rink
@@ -8,6 +8,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
|||||||
3.3.10.2 (not yet released)
|
3.3.10.2 (not yet released)
|
||||||
- [security] Fixed possible session corruption in swekey authentication
|
- [security] Fixed possible session corruption in swekey authentication
|
||||||
- [security] Fixed possible code injection incase session variables are compromised
|
- [security] Fixed possible code injection incase session variables are compromised
|
||||||
|
- [security] Fixed regexp quoting issue in Synchronize code.
|
||||||
|
|
||||||
3.3.10.1 (2011-05-20)
|
3.3.10.1 (2011-05-20)
|
||||||
- [security] XSS on Tracking page
|
- [security] XSS on Tracking page
|
||||||
|
|||||||
@@ -624,7 +624,7 @@ function PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, &$uncomm
|
|||||||
$Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link);
|
$Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link);
|
||||||
|
|
||||||
// Replace the src table name with a `dbname`.`tablename`
|
// Replace the src table name with a `dbname`.`tablename`
|
||||||
$Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/',
|
$Create_Table_Query = preg_replace('/' . preg_quote(PMA_backquote($uncommon_tables[$table_index]), '/') . '/',
|
||||||
PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]),
|
PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]),
|
||||||
$Create_Query,
|
$Create_Query,
|
||||||
$limit = 1
|
$limit = 1
|
||||||
|
|||||||
Reference in New Issue
Block a user