The branch, QA_3_4 has been updated via 599c9b5e1bacc01a9c9bb6621ec1ed3279c4104a (commit) via e7d6cab2a25e5014c1c10ce927413481dc9ab074 (commit) from 514697082675f054671f6af4aa27c0c4601fcce8 (commit)
- Log ----------------------------------------------------------------- commit 599c9b5e1bacc01a9c9bb6621ec1ed3279c4104a Author: Michal Čihař michal@cihar.com Date: Fri Aug 19 11:56:38 2011 +0200
More of missing escaping
commit e7d6cab2a25e5014c1c10ce927413481dc9ab074 Author: Michal Čihař michal@cihar.com Date: Fri Aug 19 11:54:34 2011 +0200
Missing escaping
-----------------------------------------------------------------------
Summary of changes: db_datadict.php | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/db_datadict.php b/db_datadict.php index e67c096..6981462 100644 --- a/db_datadict.php +++ b/db_datadict.php @@ -65,7 +65,7 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) {
echo '<div>' . "\n";
- echo '<h2>' . $table . '</h2>' . "\n"; + echo '<h2>' . htmlspecialchars($table) . '</h2>' . "\n";
/** * Gets table informations @@ -249,9 +249,9 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) { <td nowrap="nowrap"> <?php if (isset($pk_array[$row['Field']])) { - echo '<u>' . $field_name . '</u>'; + echo '<u>' . htmlspecialchars($field_name) . '</u>'; } else { - echo $field_name; + echo htmlspecialchars($field_name); } ?> </td>
hooks/post-receive