adjust table comments protection to the updated advisory (db print view and db data dictionary)

2008-06-21 13:16:05 +00:00
parent 6d4d839814
commit e3bc0f0380
3 changed files with 3 additions and 3 deletions
--- a/2
+++ b/2
@@ -15,7 +15,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - [structure] do not remove the BINARY attribute in drop-down 
 - bug #1955386 [session] Overriding session.hash_bits_per_character 
 - [interface] sanitize the table comments in table print view, 
-  thanks to Norman Hippert
+  db print view and db data dictionary, thanks to Norman Hippert
 - bug #1939031 Auto_Increment selected for TimeStamp by Default
 - patch #1957998 [display] No tilde for InnoDB row counter when we know
  it for sure, thanks to Vladyslav Bakayev - dandy76 
--- a/db_datadict.php
+++ b/db_datadict.php
@@ -165,7 +165,7 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) {
     * Displays the comments of the table if MySQL >= 3.23
     */
    if (!empty($show_comment)) {
-        echo $strTableComments . ': ' . $show_comment . '<br /><br />';
+        echo $strTableComments . ': ' . htmlspecialchars($show_comment) . '<br /><br />';
    }

    /**
--- a/db_printview.php
+++ b/db_printview.php
@@ -166,7 +166,7 @@ else {
    <td>
        <?php
        if (! empty($sts_data['Comment'])) {
-            echo $sts_data['Comment'];
+            echo htmlspecialchars($sts_data['Comment']);
            $needs_break = '<br />';
        } else {
            $needs_break = '';