Protect against php code input from user (bug #1530370).

Michal Čihař
2006-07-28 14:49:47 +00:00
parent 708c596779
commit fbfb5d2f02
2 changed files with 13 additions and 5 deletions


@@ -6,6 +6,10 @@ $Id$
$Source$ $Source$
2006-07-28 Michal Čihař <michal@cihar.com>
* scripts/setup.php: Protect against php code input from user (bug
#1530370).
2006-07-27 Marc Delisle <lem9@users.sourceforge.net> 2006-07-27 Marc Delisle <lem9@users.sourceforge.net>
* pdf_pages.php: automatic layout for InnoDB tables * pdf_pages.php: automatic layout for InnoDB tables
* tbl_properties_operations.php: problem switching from InnoDB to MyISAM * tbl_properties_operations.php: problem switching from InnoDB to MyISAM


@@ -395,17 +395,21 @@ function get_server_auth($val) {
* *
* @return string fancy server name * @return string fancy server name
*/ */
function get_server_name($val, $id = FALSE) { function get_server_name($val, $id = FALSE, $escape = true) {
if (!empty($val['verbose'])) { if (!empty($val['verbose'])) {
$ret = htmlspecialchars($val['verbose']); $ret = $val['verbose'];
} else { } else {
$ret = htmlspecialchars($val['host']); $ret = $val['host'];
} }
$ret .= ' (' . get_server_auth($val) . ')'; $ret .= ' (' . get_server_auth($val) . ')';
if ($id !== FALSE) { if ($id !== FALSE) {
$ret .= ' [' . ($id + 1) . ']' ; $ret .= ' [' . ($id + 1) . ']' ;
} }
return $ret; if ($escape) {
return htmlspecialchars($ret);
} else {
return $ret;
}
} }
@@ -502,7 +506,7 @@ function get_cfg_string($cfg) {
if (count($c['Servers']) > 0) { if (count($c['Servers']) > 0) {
$ret .= "/* Servers configuration */\n\$i = 0;\n"; $ret .= "/* Servers configuration */\n\$i = 0;\n";
foreach ($c['Servers'] as $cnt => $srv) { foreach ($c['Servers'] as $cnt => $srv) {
$ret .= "\n/* Server " . get_server_name($srv, $cnt) . " */\n\$i++;\n"; $ret .= "\n/* Server " . strtr(get_server_name($srv, $cnt, false), '*', '-') . " */\n\$i++;\n";
foreach ($srv as $key => $val) { foreach ($srv as $key => $val) {
$ret .= get_cfg_val("\$cfg['Servers'][\$i]['$key']", $val); $ret .= get_cfg_val("\$cfg['Servers'][\$i]['$key']", $val);
} }
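Review bot: The `strtr(get_server_name($srv, $cnt, false), '*', '-')` call in the second hunk stops a server name from closing the generated `/* Server … */` comment, but `$key` is still interpolated unescaped into `"\$cfg['Servers'][\$i]['$key']"` two lines below and reaches the same generated config file. Whether server array keys can originate from the request is not visible here, so this is inferred; if they can, checking each key against the known set of server options before writing it would cover the same class of input. The `*` replacement also deserves a short comment at the call site, e.g. `/* '*' is replaced so the name cannot terminate the generated block comment */`, and the docblock of get_server_name should gain a line for the new `$escape` parameter saying that callers emitting HTML must leave it at `true`. The body of get_cfg_string starts and ends outside this hunk.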