nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix XSS on database comment, thanks to laurent gaffié.

Browse Source
This commit is contained in:
Michal Čihař
2006-11-18 19:33:14 +00:00
parent b651ac38da
commit cceeae91e9
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libraries/common.lib.php
View File

@@ -180,11 +180,11 @@ function PMA_getHtmlSelectDb($selected = '')
}
foreach ($dbs as $db) {
$return .= '<option value="' . $db['name'] . '"'
.' title="' . $db['comment'] . '"';
.' title="' . htmlspecialchars($db['comment']) . '"';
if ($db['name'] == $selected) {
$return .= ' selected="selected"';
}
$return .= '>' . ($cut ? $db['disp_name_cut'] : $db['disp_name'])
$return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
.' (' . $db['num_tables'] . ')</option>' . "\n";
}
if (count($dbs) > 1) {