From d84b98d34012cc5986fe84f1871b0396990391ef Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Thu, 9 Aug 2012 13:13:08 -0400
Subject: [PATCH] Fix for Empty and Drop vulnerabilities on db Structure and Operations, see PMASA-2012-4
---
 js/db_structure.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/js/db_structure.js b/js/db_structure.js
index 4affd75bd..5938ae40c 100644
--- a/js/db_structure.js
+++ b/js/db_structure.js
@@ -75,7 +75,7 @@ $(document).ready(function() {
 /**
 * @var question String containing the question to be asked for confirmation
 */
- var question = 'TRUNCATE ' + curr_table_name;
+ var question = 'TRUNCATE ' + escapeHtml(curr_table_name);
 $this_anchor.PMA_confirm(question, $this_anchor.attr('href'), function(url) {
@@ -125,7 +125,7 @@ $(document).ready(function() {
 /**
 * @var question String containing the question to be asked for confirmation
 */
- var question = 'DROP TABLE ' + curr_table_name;
+ var question = 'DROP TABLE ' + escapeHtml(curr_table_name);
 $this_anchor.PMA_confirm(question, $this_anchor.attr('href'), function(url) {
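Review bot: The `@var question` comment above both changed lines (the TRUNCATE hunk at -75 and the DROP TABLE hunk at -125) still describes `question` as a plain string, so nothing records that it is rendered as markup and that identifiers in it must be escaped. PMA_confirm is not visible in this patch, but the fix implies it inserts the question as HTML; if so, every other caller that concatenates a database, table or column name into the question needs the same `escapeHtml()` call, and those call sites are worth auditing alongside these two. I would extend the comment in both places to `* @var question HTML string shown in the confirmation dialog; identifiers must be passed through escapeHtml()`, and state the same contract on PMA_confirm itself so the escaping requirement is not left to each caller to rediscover. Both enclosing click handlers start and end outside the hunks.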