Use htmlspecialchars instead of htmlentities, it doesn't break utf-8.

Michal Čihař
2006-05-02 13:28:35 +00:00
parent d1ed5a5b1b
commit ed84a68f63
2 changed files with 4 additions and 2 deletions


@@ -9,6 +9,8 @@ $Source$
* libraries/select_lang.lib.php, libraries/Theme_Manager.class.php: Escape * libraries/select_lang.lib.php, libraries/Theme_Manager.class.php: Escape
user input (CVE-2006-2031). user input (CVE-2006-2031).
* server_databases.php: Fix path to image (needs to be lower case). * server_databases.php: Fix path to image (needs to be lower case).
* libraries/common.lib.php: Use htmlspecialchars instead of htmlentities,
it doesn't break utf-8.
2006-04-28 Michal Čihař <michal@cihar.com> 2006-04-28 Michal Čihař <michal@cihar.com>
* Documentation.html, main.php, libraries/config.default.php: Possibility * Documentation.html, main.php, libraries/config.default.php: Possibility


@@ -2038,10 +2038,10 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
$tag_params_strings = array(); $tag_params_strings = array();
foreach ($tag_params as $par_name => $par_value) { foreach ($tag_params as $par_name => $par_value) {
// htmlentities() only on non javascript // htmlspecialchars() only on non javascript
$par_value = substr($par_name, 0, 2) == 'on' $par_value = substr($par_name, 0, 2) == 'on'
? $par_value ? $par_value
: htmlentities($par_value); : htmlspecialchars($par_value);
$tag_params_strings[] = $par_name . '="' . $par_value . '"'; $tag_params_strings[] = $par_name . '="' . $par_value . '"';
} }
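Review bot: The `on*` branch of the ternary still writes `$par_value` into a double-quoted attribute with no escaping at all, so a handler string containing `"` ends the attribute early and any request-derived data inside it is only as safe as the caller made it. Browsers decode character references in an attribute value before the handler is parsed as script, so HTML-escaping does not break the JavaScript; the ternary could become `$par_value = htmlspecialchars($par_value, ENT_QUOTES);` for every parameter, provided callers are not already passing pre-escaped handler values (not visible here). `$par_name` is also concatenated unescaped on the following line, which is safe only if it never derives from input. The enclosing function starts and ends outside the hunk.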