
2 Jul 2014, 10:36 a.m.
Hi

On Wed, 2 Jul 2014 12:35:15 +0530 Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
I cannot reproduce this on master before your patch. So, it seems PMA_Bookmark_save is safe enough and htmlspecialchars is not required there.
I think it makes no sense to escape HTML when saving to the database; this should be done at display time whenever displaying data which the user can control (e.g. table/database name, bookmark, SQL query, ...).

-- Michal Čihař | http://cihar.com | http://blog.cihar.com
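An added illustration of the point made in the reply, not code from phpMyAdmin: the bookmark label is stored exactly as the user supplied it and escaped only at the moment it is rendered as HTML. The `$store` array and the `saveBookmark`/`renderBookmark` functions are hypothetical stand-ins for the bookmark table and its save/display code.

```php
<?php
// Added example, not phpMyAdmin code. $store stands in for the bookmarks table.
$store = [];

// Save path: keep the user-supplied label and query exactly as given.
// Escaping here would tie the stored value to one output context (HTML).
function saveBookmark(array &$store, string $label, string $query): int
{
    $store[] = ['label' => $label, 'query' => $query];
    return count($store) - 1;
}

// Display path: escape for the HTML context at the point of output.
// ENT_QUOTES covers attribute values, ENT_SUBSTITUTE avoids empty output on bad UTF-8.
function renderBookmark(array $bookmark): string
{
    $label = htmlspecialchars($bookmark['label'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $query = htmlspecialchars($bookmark['query'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<li title=\"$query\">$label</li>";
}

// Constructed sample: a label containing markup characters and quotes.
$id = saveBookmark($store, 'a <b> & "c"', 'SELECT 1');
echo renderBookmark($store[$id]), "\n";

// The stored value is still the original text, so it can be re-edited or
// exported to non-HTML formats (JSON, CSV) without un-escaping.
echo json_encode($store[$id]), "\n";

// Escaping at save time as well would double-encode on display: every '&'
// produced by the first pass is encoded again by the second.
$escapedAtSave = htmlspecialchars('a <b> & "c"', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo htmlspecialchars($escapedAtSave, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```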