nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #640055

Browse Source
This commit is contained in:
Alexander M. Turek
2002-11-19 14:09:39 +00:00
parent 3aef4943d7
commit e6396b014a
26 changed files with 96 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@@ -5,6 +5,17 @@ phpMyAdmin - Changelog
$Id$
$Source$
2002-11-19 Alexander M. Turek <rabus@users.sourceforge.net>
* db_create.php3, db_datadict.php3, db_details.php3, db_details_export.php3,
db_details_import.php3, db_details_qbe.php3, db_details_structure.php3,
db_stats.php3, header.inc.php3, ldi_table.php3, left.php3,
mult_submits.php3, pdf_pages.php3, sql.php3, tbl_change.php3,
tbl_create.php3, tbl_indexes.php3, tbl_properties.inc.php3,
tbl_properties_export.php3, tbl_properties_operations.php3,
tbl_properties_options.php3, tbl_properties_structure.php3,
tbl_query_box.php3, tbl_relation.php3, tbl_select.php3:
Fixed bug #640055 (HTML entities in db / table name) partly.
2002-11-19 Marc Delisle <lem9@users.sourceforge.net>
### 2.3.3-rc1 released

3
db_create.php3
View File

@@ -23,9 +23,6 @@ $err_url = 'main.php3'
/**
* Ensures the db name is valid
*/
if (get_magic_quotes_gpc()) {
$db = stripslashes($db);
}
if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($db, $err_url);
}

6
db_datadict.php3
View File

@@ -45,10 +45,10 @@ $rowset = mysql_query($sql);
$count = 0;
while ($row = mysql_fetch_array($rowset)) {
if (PMA_MYSQL_INT_VERSION >= 32303) {
$myfieldname = 'Tables_in_' . $db;
$myfieldname = 'Tables_in_' . htmlspecialchars($db);
}
else {
$myfieldname = 'Tables in ' . $db;
$myfieldname = 'Tables in ' . htmlspecialchars($db);
}
$table = $row[$myfieldname];
$cfgRelation = PMA_getRelationsParam();
@@ -273,7 +273,7 @@ while ($row = mysql_fetch_array($rowset)) {
<?php
echo '</div>' . "\n";
$count++;
$count++;
} //ends main while

2
db_details.php3
View File

@@ -60,7 +60,7 @@ $auto_sel = ($cfg['TextareaAutoSelect'])
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="pos" value="0" />
<input type="hidden" name="goto" value="db_details.php3" />
<input type="hidden" name="zero_rows" value="<?php echo htmlspecialchars($strSuccess); ?>" />

4
db_details_export.php3
View File

@@ -60,7 +60,7 @@ if ($num_tables > 1) {
. '?lang=' . $lang
. '&amp;convcharset=' . $convcharset
. '&amp;server=' . $server
. '&amp;db=' . $db
. '&amp;db=' . urlencode($db)
. '&amp;goto=db_details_export.php3';
?>
<br />
@@ -181,7 +181,7 @@ if (function_exists('PMA_set_enc_form')) {
</table>
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang;?>" />
<input type="hidden" name="db" value="<?php echo $db;?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db);?>" />
</form>
<a href="./Documentation.html#faqexport" target="documentation"><?php echo $strDocu; ?></a>

2
db_details_importdocsql.php3
View File

@@ -125,7 +125,7 @@ if (empty($DOCUMENT_ROOT)) {
<form method="post" action="db_details_importdocsql.php3">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="submit_show" value="true" />
<input type="hidden" name="do" value="import" />
<b>Please enter absolute path on webserver to docSQL Directory:</b>

2
db_details_qbe.php3
View File

@@ -649,7 +649,7 @@ while (list($key, $val) = each($tbl_names)) {
</select>
</td>
<td align="<?php echo $cell_align_right; ?>" valign="bottom">
<input type="hidden" value="<?php echo $db; ?>" name="db" />
<input type="hidden" value="<?php echo htmlspecialchars($db); ?>" name="db" />
<input type="hidden" value="<?php echo $z; ?>" name="Columns" />
<?php
$w--;

8
db_details_structure.php3
View File

@@ -53,7 +53,7 @@ else if (PMA_MYSQL_INT_VERSION >= 32303) {
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<table border="<?php echo $cfg['Border']; ?>">
<tr>
@@ -329,7 +329,7 @@ else {
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<table border="<?php echo $cfg['Border']; ?>">
<tr>
@@ -451,7 +451,7 @@ if ($num_tables > 0) {
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<?php
echo ' ' . sprintf($strCreateNewTable, htmlspecialchars($db)) . '&nbsp;:<br />' . "\n";
echo ' ' . $strName . '&nbsp;:&nbsp;' . "\n";
@@ -499,7 +499,7 @@ if ($cfgRelation['pdfwork'] && $num_tables > 0) {
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<?php echo $strDisplayPDF; ?>&nbsp;:<br />
<?php echo $strPageNumber; ?>&nbsp;
<select name="pdf_page_number">

2
db_stats.php3
View File

@@ -294,7 +294,7 @@ if ($num_dbs > 0) {
echo ' <td align="center" bgcolor="'. $bgcolor . '">' . "\n";
echo ' &nbsp;<input type="checkbox" name="selected_db[]" value="' . urlencode($db_name) . '"' . $do_check . ' />&nbsp;' . "\n";
echo ' </td>' . "\n";
echo ' <td bgcolor="'. $bgcolor . '">&nbsp;<a href="index.php3?lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server . '&amp;db=' . urlencode($db_name) . '" target="_parent">' . $db_name . '</a>&nbsp;</td>' . "\n";
echo ' <td bgcolor="'. $bgcolor . '">&nbsp;<a href="index.php3?lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server . '&amp;db=' . urlencode($db_name) . '" target="_parent">' . htmlspecialchars($db_name) . '</a>&nbsp;</td>' . "\n";
echo ' <td align="right" bgcolor="'. $bgcolor . '">&nbsp;' . $dbs_array[$db_name][0] . '&nbsp;</td>' . "\n";
echo ' <td align="right" bgcolor="'. $bgcolor . '">&nbsp;' . $data_size . '<bdo dir="' . $text_dir . '"> </bdo>' . $data_unit . '&nbsp;</td>' . "\n";
echo ' <td align="right" bgcolor="'. $bgcolor . '">&nbsp;' . $idx_size . '<bdo dir="' . $text_dir . '"> </bdo>' . $idx_unit . '&nbsp;</td>' . "\n";

2
header.inc.php3
View File

@@ -233,7 +233,7 @@ if (isset($GLOBALS['db'])) {
if (!empty($GLOBALS['table'])) {
echo ' - ' . $GLOBALS['strTable'] . ' <i><a class="h1" href="tbl_properties.php3' . $header_url_qry . '&amp;db=' . urlencode($GLOBALS['db']) . '&amp;table=' . urlencode($GLOBALS['table']) . '">' . htmlspecialchars($GLOBALS['table']) . '</a></i>' . "\n";
}
echo ' ' . sprintf($GLOBALS['strRunning'], ' <i>' . (($GLOBALS['cfg']['Server']['verbose']) ? $GLOBALS['cfg']['Server']['verbose'] : $GLOBALS['cfg']['Server']['host']) . '</i>') . "\n";
echo ' ' . sprintf($GLOBALS['strRunning'], ' <i>' . (($GLOBALS['cfg']['Server']['verbose']) ? htmlspecialchars($GLOBALS['cfg']['Server']['verbose']) : $GLOBALS['cfg']['Server']['host']) . '</i>') . "\n";
echo '</h1>' . "\n";
}
echo "\n";

6
ldi_table.php3
View File

@@ -105,12 +105,12 @@ if (function_exists('PMA_set_enc_form')) {
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="zero_rows" value="<?php echo $strTheContent; ?>" />
<input type="hidden" name="goto" value="tbl_properties.php3" />
<input type="hidden" name="back" value="ldi_table.php3" />
<input type="hidden" name="into_table" value="<?php echo $table; ?>" />
<input type="hidden" name="into_table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="submit" name="btnLDI" value="<?php echo $strSubmit; ?>" />&nbsp;&nbsp;
<input type="reset" value="<?php echo $strReset; ?>" />
</td>

30
left.php3
View File

@@ -265,7 +265,7 @@ if ($num_dbs > 1) {
echo "\n";
?>
<a class="item" href="<?php echo $cfg['DefaultTabDatabase']; ?>?<?php echo $common_url_query; ?>" onclick="if (capable) {expandBase('el<?php echo $j; ?>', false)}">
<span class="heada"><?php echo $db; ?><bdo dir="<?php echo($text_dir); ?>">&nbsp;&nbsp;</bdo></span><span class="headaCnt">(<?php echo $num_tables_disp; ?>)</span></a></nobr>
<span class="heada"><?php echo htmlspecialchars($db); ?><bdo dir="<?php echo($text_dir); ?>">&nbsp;&nbsp;</bdo></span><span class="headaCnt">(<?php echo $num_tables_disp; ?>)</span></a></nobr>
</div>
<div id="el<?php echo $j;?>Child" class="child" style="margin-bottom: 5px"<?php echo $on_mouse; ?>>
@@ -275,15 +275,15 @@ if ($num_dbs > 1) {
for ($t = 0; $t < $num_tables; $t++) {
$table = PMA_mysql_tablename($tables, $t);
$url_title = (!empty($tooltip) && isset($tooltip[$table]))
? str_replace('"', '&quot;', $tooltip[$table])
? htmlspecialchars($tooltip[$table])
: '';
echo "\n";
?>
<nobr><img src="images/spacer.gif" border="0" width="9" height="9" alt="" />
<a target="phpmain" href="sql.php3?<?php echo $common_url_query; ?>&amp;table=<?php echo urlencode($table); ?>&amp;sql_query=<?php echo urlencode('SELECT * FROM ' . PMA_backquote($table)); ?>&amp;pos=0&amp;goto=<?php echo $cfg['DefaultTabTable']; ?>">
<img src="images/browse.gif" width="8" height="8" border="0" alt="<?php echo "$strBrowse: $table"; ?>" title="<?php echo "$strBrowse: $table"; ?>" /></a><bdo dir="<?php echo $text_dir; ?>">&nbsp;</bdo>
<a target="phpmain" href="sql.php3?<?php echo $common_url_query; ?>&amp;table=<?php echo urlencode($table); ?>&amp;sql_query=<?php echo urlencode('SELECT * FROM ' . PMA_backquote($table)); ?>&amp;pos=0&amp;goto=<?php echo $cfg['DefaultTabTable']; ?>" title="<?php echo $strBrowse . ': ' . htmlspecialchars($table); ?>">
<img src="images/browse.gif" width="8" height="8" border="0" alt="<?php echo $strBrowse . ': ' . htmlspecialchars($table); ?>" /></a><bdo dir="<?php echo $text_dir; ?>">&nbsp;</bdo>
<a class="tblItem" id="tbl_<?php echo md5($table); ?>" title="<?php echo $url_title; ?>" target="phpmain" href="<?php echo $cfg['DefaultTabTable']; ?>?<?php echo $common_url_query; ?>&amp;table=<?php echo urlencode($table); ?>">
<?php echo $table; ?></a></nobr><br />
<?php echo htmlspecialchars($table); ?></a></nobr><br />
<?php
} // end for $t (tables list)
echo "\n";
@@ -308,11 +308,11 @@ if ($num_dbs > 1) {
? str_replace('"', '&quot;', $tooltip[$table])
: '';
$table_list .= ' <nobr><a target="phpmain" href="sql.php3?' . $common_url_query . '&amp;table=' . urlencode($table) . '&amp;sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($table)) . '&amp;pos=0&amp;goto=' . $cfg['DefaultTabTable'] . '">' . "\n";
$table_list .= ' <img src="images/browse.gif" width="8" height="8" border="0" alt="' . $strBrowse . ': ' . $table . '" title="' . $strBrowse . ': ' . $table . '" /></a><bdo dir="' . $text_dir . '">&nbsp;</bdo>' . "\n";
$table_list .= ' <img src="images/browse.gif" width="8" height="8" border="0" alt="' . $strBrowse . ': ' . $table . '" title="' . $strBrowse . ': ' . htmlspecialchars($table) . '" /></a><bdo dir="' . $text_dir . '">&nbsp;</bdo>' . "\n";
if (PMA_USR_BROWSER_AGENT == 'IE') {
$table_list .= ' <span class="tblItem"><a class="tblItem" id="tbl_' . md5($table) . '" title="' . $url_title . '" target="phpmain" href="' . $cfg['DefaultTabTable'] . '?' . $common_url_query . '&amp;table=' . urlencode($table) . '">' . $table . '</a></span></nobr><br />' . "\n";
$table_list .= ' <span class="tblItem"><a class="tblItem" id="tbl_' . md5($table) . '" title="' . $url_title . '" target="phpmain" href="' . $cfg['DefaultTabTable'] . '?' . $common_url_query . '&amp;table=' . urlencode($table) . '">' . htmlspecialchars($table) . '</a></span></nobr><br />' . "\n";
} else {
$table_list .= ' <a class="tblItem" id="tbl_' . md5($table) . '" title="' . $url_title . '" target="phpmain" href="' . $cfg['DefaultTabTable'] . '?' . $common_url_query . '&amp;table=' . urlencode($table) . '">' . $table . '</a></nobr><br />' . "\n";
$table_list .= ' <a class="tblItem" id="tbl_' . md5($table) . '" title="' . $url_title . '" target="phpmain" href="' . $cfg['DefaultTabTable'] . '?' . $common_url_query . '&amp;table=' . urlencode($table) . '">' . htmlspecialchars($table) . '</a></nobr><br />' . "\n";
}
} // end for $t (tables list)
@@ -323,15 +323,15 @@ if ($num_dbs > 1) {
$selected = ' selected="selected"';
$table_list_header .= ' <a class="item" target="phpmain" href="' . $cfg['DefaultTabDatabase'] . '?' . $common_url_query . '">' . "\n";
$table_list_header .= ' <span class="heada"><b>' . $db . '</b><bdo dir="' . $text_dir . '">&nbsp;&nbsp;</bdo></span></a><br />' . "\n\n";
$table_list_header .= ' <span class="heada"><b>' . htmlspecialchars($db) . '</b><bdo dir="' . $text_dir . '">&nbsp;&nbsp;</bdo></span></a><br />' . "\n\n";
} else {
$selected = '';
} // end if... else...
if (!empty($num_tables)) {
echo ' <option value="' . urlencode($db) . '"' . $selected . '>' . $db . ' (' . $num_tables . ')</option>' . "\n";
echo ' <option value="' . urlencode($db) . '"' . $selected . '>' . htmlspecialchars($db) . ' (' . $num_tables . ')</option>' . "\n";
} else {
echo ' <option value="' . urlencode($db) . '"' . $selected . '>' . $db . ' (-)</option>' . "\n";
echo ' <option value="' . urlencode($db) . '"' . $selected . '>' . htmlspecialchars($db) . ' (-)</option>' . "\n";
} // end if... else...
} // end if (light mode)
@@ -411,7 +411,7 @@ else if ($num_dbs == 1) {
?>
<div id="el2Parent" class="parent">
<nobr><a class="item" href="<?php echo $cfg['DefaultTabDatabase']; ?>?<?php echo $common_url_query; ?>">
<span class="heada"><?php echo $db; ?><bdo dir="<?php echo($text_dir); ?>">&nbsp;&nbsp;</bdo></span><span class="headaCnt">(<?php echo $num_tables_disp; ?>)</span></a></nobr>
<span class="heada"><?php echo htmlspecialchars($db); ?><bdo dir="<?php echo($text_dir); ?>">&nbsp;&nbsp;</bdo></span><span class="headaCnt">(<?php echo $num_tables_disp; ?>)</span></a></nobr>
</div>
<div id="el2Child" class="child" style="margin-bottom: 5px">
<?php
@@ -423,10 +423,10 @@ else if ($num_dbs == 1) {
: '';
echo "\n";
?>
<nobr><a target="phpmain" href="sql.php3?<?php echo $common_url_query; ?>&amp;table=<?php echo urlencode($table); ?>&amp;sql_query=<?php echo urlencode('SELECT * FROM ' . PMA_backquote($table)); ?>&amp;pos=0&amp;goto=<?php echo $cfg['DefaultTabTable']; ?>">
<img src="images/browse.gif" width="8" height="8" border="0" alt="<?php echo "$strBrowse: $table"; ?>" title="<?php echo "$strBrowse: $table"; ?>" /></a><bdo dir="<?php echo $text_dir; ?>">&nbsp;</bdo>
<nobr><a target="phpmain" href="sql.php3?<?php echo $common_url_query; ?>&amp;table=<?php echo urlencode($table); ?>&amp;sql_query=<?php echo urlencode('SELECT * FROM ' . PMA_backquote($table)); ?>&amp;pos=0&amp;goto=<?php echo $cfg['DefaultTabTable']; ?>" title="<?php echo $strBrowse . ': ' . htmlspecialchars($table); ?>">
<img src="images/browse.gif" width="8" height="8" border="0" alt="<?php echo $strBrowse . ': ' . htmlspecialchars($table); ?>" /></a><bdo dir="<?php echo $text_dir; ?>">&nbsp;</bdo>
<a class="tblItem" id="tbl_<?php echo md5($table); ?>" title="<?php echo $url_title; ?>" target="phpmain" href="<?php echo $cfg['DefaultTabTable']; ?>?<?php echo $common_url_query; ?>&amp;table=<?php echo urlencode($table); ?>">
<?php echo $table; ?></a></nobr><br />
<?php echo htmlspecialchars($table); ?></a></nobr><br />
<?php
} // end for $j (tables list)
echo "\n";

8
mult_submits.inc.php3
View File

@@ -113,13 +113,13 @@ if (!empty($submit_mult) && !empty($what)) {
<?php
echo "\n";
if (strpos(' ' . $action, 'db_details') == 1) {
echo ' <input type="hidden" name="db" value="' . $db . '" />' . "\n";
echo ' <input type="hidden" name="db" value="' . htmlspecialchars($db) . '" />' . "\n";
} else if (strpos(' ' . $action, 'tbl_properties') == 1) {
echo ' <input type="hidden" name="db" value="' . $db . '" />' . "\n";
echo ' <input type="hidden" name="table" value="' . $table . '" />' . "\n";
echo ' <input type="hidden" name="db" value="' . htmlspecialchars($db) . '" />' . "\n";
echo ' <input type="hidden" name="table" value="' . htmlspecialchars($table) . '" />' . "\n";
}
for ($i = 0; $i < $selected_cnt; $i++) {
echo ' <input type="hidden" name="selected[]" value="' . $selected[$i] . '" />' . "\n";
echo ' <input type="hidden" name="selected[]" value="' . htmlspecialchars($selected[$i]) . '" />' . "\n";
}
?>
<input type="hidden" name="query_type" value="<?php echo $what; ?>" />

14
pdf_pages.php3
View File

@@ -120,11 +120,11 @@ if ($cfgRelation['pdfwork']) {
?>
<form method="post" action="pdf_pages.php3" name="selpage">
<?php echo $strChoosePage . "\n"; ?>
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="do" value="choosepage" />
<select name="chpage" onchange="this.form.submit()">
<?php
@@ -152,8 +152,8 @@ if ($cfgRelation['pdfwork']) {
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="do" value="createpage" />
<input type="text" name="newpage" size="20" maxlength="50" />
<input type="submit" value="<?php echo $strGo; ?>" />
@@ -171,8 +171,8 @@ if ($cfgRelation['pdfwork']) {
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="chpage" value="<?php echo $chpage; ?>" />
<input type="hidden" name="do" value="edcoord" />
<table border="0">
@@ -264,7 +264,7 @@ if ($cfgRelation['pdfwork']) {
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="pdf_page_number" value="<?php echo $chpage; ?>" />
<?php echo $strDisplayPDF; ?>&nbsp;:<br />
<input type="checkbox" name="show_grid" id="show_grid_opt" />

8
sql.php3
View File

@@ -178,8 +178,8 @@ if ($do_confirm) {
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo isset($table) ? $table : ''; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo isset($table) ? htmlspecialchars($table) : ''; ?>" />
<input type="hidden" name="sql_query" value="<?php echo urlencode(addslashes($sql_query)); ?>" />
<input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? $zero_rows : ''; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
@@ -303,7 +303,7 @@ else {
: $err_url;
PMA_mysqlDie($error, $full_sql_query, '', $full_err_url);
}
// Checks if the current database has changed
// This could happen if the user sends a query like "USE `database`;"
$res = PMA_mysql_query('SELECT DATABASE() AS "db";');
@@ -580,7 +580,7 @@ else {
<?php echo $strBookmarkLabel; ?>&nbsp;:
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="fields[dbase]" value="<?php echo $db; ?>" />
<input type="hidden" name="fields[dbase]" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="fields[user]" value="<?php echo $cfg['Bookmark']['user']; ?>" />
<input type="hidden" name="fields[query]" value="<?php echo urlencode($sql_query); ?>" />
<input type="text" name="fields[label]" value="" />

2
tbl_change.php3
View File

@@ -160,7 +160,7 @@ $chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5)
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="pos" value="<?php echo isset($pos) ? $pos : 0; ?>" />

4
tbl_create.php3
View File

@@ -221,10 +221,6 @@ else {
}
// Table name and number of fields are valid -> show the form
else {
// Ensures the table name is valid
if (get_magic_quotes_gpc()) {
$table = stripslashes($table);
}
if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($table, $err_url);
}

8
tbl_indexes.php3
View File

@@ -309,8 +309,8 @@ else if (!defined('PMA_IDX_INCLUDED')
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php
if (isset($create_index)) {
echo '<input type="hidden" name="create_index" value="1" />';
@@ -427,8 +427,8 @@ else if (!defined('PMA_IDX_INCLUDED')
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php
echo "\n";
echo ' ' . $strIndexes . '&nbsp;:' . "\n";

4
tbl_properties.inc.php3
View File

@@ -8,8 +8,8 @@
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php
if ($action == 'tbl_create.php3') {
?>

4
tbl_properties_export.php3
View File

@@ -20,8 +20,8 @@ require('./tbl_properties_table_info.php3');
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<table cellpadding="5" border="2" align="center">
<tr>

16
tbl_properties_operations.php3
View File

@@ -61,8 +61,8 @@ if (PMA_MYSQL_INT_VERSION >= 32334) {
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php echo $strAlterOrderBy; ?>&nbsp;:
<select name="order_field" style="vertical-align: middle">
<?php
@@ -91,8 +91,8 @@ echo "\n";
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="reload" value="1" />
<?php echo $strRenameTable; ?>&nbsp;:
<input type="text" size="20" name="new_name" value="<?php echo htmlspecialchars($table); ?>" class="textfield" onfocus="this.select()" />&nbsp;
@@ -112,8 +112,8 @@ echo "\n";
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="reload" value="1" />
<input type="hidden" name="what" value="data" />
<table border="0" cellspacing="0" cellpadding="0">
@@ -155,8 +155,8 @@ for ($i = 0; $i < $num_dbs; $i++) {
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="reload" value="1" />
<table border="0" cellspacing="0" cellpadding="0">
<tr>

12
tbl_properties_options.php3
View File

@@ -61,8 +61,8 @@ if (PMA_MYSQL_INT_VERSION >= 32322) {
<form method="post" action="tbl_properties_options.php3">
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php echo $strTableComments; ?>&nbsp;:&nbsp;
<input type="hidden" name="prev_comment" value="<?php echo urlencode($show_comment); ?>" />&nbsp;
<input type="text" name="comment" maxlength="60" size="30" value="<?php echo htmlspecialchars($show_comment); ?>" class="textfield" style="vertical-align: middle" onfocus="this.select()" />&nbsp;
@@ -111,8 +111,8 @@ if (PMA_MYSQL_INT_VERSION >= 32322) {
<form method="post" action="tbl_properties_options.php3">
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php echo $strTableType; ?>&nbsp;:&nbsp;
<select name="tbl_type" style="vertical-align: middle">
<option value="MYISAM"<?php if ($tbl_type == 'MYISAM') echo ' selected="selected"'; ?>>MyISAM</option>
@@ -157,8 +157,8 @@ if (PMA_MYSQL_INT_VERSION >= 32322) {
<form method="post" action="tbl_properties_options.php3">
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<table border="0" cellspacing="0" cellpadding="0">
<tr>

10
tbl_properties_structure.php3
View File

@@ -60,8 +60,8 @@ $fields_cnt = mysql_num_rows($fields_rs);
<form action="tbl_properties_structure.php3">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<table border="<?php echo $cfg['Border']; ?>">
<tr>
@@ -294,7 +294,7 @@ require ('./tbl_indexes.php3');
// statistics whatever is the table type
if ($cfg['ShowStats']) {
$nonisam = FALSE;
$is_innodb = (isset($showtable['Type']) && $showtable['Type'] == 'InnoDB');
$is_innodb = (isset($showtable['Type']) && $showtable['Type'] == 'InnoDB');
if (isset($showtable['Type']) && !eregi('ISAM|HEAP', $showtable['Type'])) {
$nonisam = TRUE;
}
@@ -506,8 +506,8 @@ echo "\n";
onsubmit="return checkFormElementInRange(this, 'num_fields', 1)">
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<?php echo $strAddNewField; ?>&nbsp;:
<input type="text" name="num_fields" size="2" maxlength="2" value="1" class="textfield" style="vertical-align: middle" onfocus="this.select()" />
<select name="after_field" style="vertical-align: middle">

4
tbl_query_box.php3
View File

@@ -66,8 +66,8 @@ $auto_sel = ($cfg['TextareaAutoSelect'])
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="pos" value="0" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="zero_rows" value="<?php echo $strSuccess; ?>" />

16
tbl_relation.php3
View File

@@ -37,10 +37,6 @@ function PMA_handleSlashes($val) {
/**
* Updates
*/
if (get_magic_quotes_gpc()) {
$db = stripslashes($db);
$table = stripslashes($table);
}
if ($cfgRelation['relwork']) {
$existrel = PMA_getForeigners($db, $table);
@@ -220,8 +216,8 @@ if ($col_rs && mysql_num_rows($col_rs) > 0) {
<form method="post" action="tbl_relation.php3">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="submit_rel" value="true" />
<table>
@@ -283,8 +279,8 @@ if ($col_rs && mysql_num_rows($col_rs) > 0) {
<form method="post" action="tbl_relation.php3">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="submit_show" value="true" />
<p><?php echo $strChangeDisplay; ?></p>
@@ -320,8 +316,8 @@ if ($col_rs && mysql_num_rows($col_rs) > 0) {
<form method="post" action="tbl_relation.php3">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="submit_comm" value="true" />
<table>

4
tbl_select.php3
View File

@@ -74,8 +74,8 @@ if (!isset($param) || $param[0] == '') {
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="back" value="tbl_select.php3" />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;