[security] Self-XSS on column type (table Search), see PMASA-2011-18

ChangeLog

@@ -22,6 +22,7 @@ phpMyAdmin - ChangeLog
 - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
 - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
 - [security] Self-XSS on column type (Create index), see PMASA-2011-18
+- [security] Self-XSS on column type (table Search), see PMASA-2011-18
 
 3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import

tbl_select.php

@@ -124,7 +124,7 @@ if (!isset($param) || $param[0] == '') {
         ?>
         <tr class="noclick <?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
             <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
-            <td><?php echo $fields_type[$i]; ?></td>
+            <td><?php echo htmlspecialchars($fields_type[$i]); ?></td>
             <td><?php echo $fields_collation[$i]; ?></td>
             <td><select name="func[]">
         <?php
@@ -190,7 +190,7 @@ if (!isset($param) || $param[0] == '') {
             <?php
         } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
             // e n u m s
-            $enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
+            $enum_value=explode(', ', str_replace("'", '', substr(htmlspecialchars($fields_type[$i]), 5, -1)));
             $cnt_enum_value = count($enum_value);
             echo '            <select name="fields[' . $i . '][]"'
                 .' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";