bug #1748633 Incorrect parameter validation for VIEWs

Marc Delisle
2007-07-10 15:01:45 +00:00
parent cb8ebc6661
commit db8157a76f
2 changed files with 6 additions and 1 deletions


@@ -15,6 +15,7 @@ $HeadURL$
- bug #1745257 Invalid DB name is still displayed
- bug #1730367 Calendar "Go" has no effect
- patch #1750500 Smaller file for favicon.ico, thanks to Thijs Kinkhorst
- bug #1748633 Incorrect parameter validation for VIEWs
2.10.2.0 (2007-06-15)


@@ -290,8 +290,12 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
   
</td>
<td align="center">
<?php // if displaying a VIEW, $unlim_num_rows could be zero because
// of $cfg['MaxExactCountViews']; in this case, avoid passing
// the 5th parameter to checkFormElementInRange()
// (this means we can't validate the upper limit ?>
<form action="sql.php" method="post"
onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0, <?php echo $unlim_num_rows - 1; ?>))">
onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0<?php echo $unlim_num_rows > 0 ? ',' . $unlim_num_rows - 1 : ''; ?>))">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
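Review bot: On the added `onsubmit` line, `',' . $unlim_num_rows - 1` is not parenthesized, and on PHP versions before 8.0 `.` and `-` share precedence and associate left, so it evaluates as `(',' . $unlim_num_rows) - 1` and echoes `-1` rather than `,N-1`. The rendered call would then be `checkFormElementInRange(this, 'pos', '…', 0-1)`, which lowers the minimum to -1 and drops the upper bound for ordinary tables as well as for VIEWs. Writing it as `',' . ($unlim_num_rows - 1)` keeps the intended range check. Because this check runs only in the browser and the upper limit is now deliberately skipped for VIEWs, `pos` presumably still has to be bounded on the server in `sql.php`, which this hunk does not show. The body of PMA_displayTableNavigation starts and ends outside the hunk.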