[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-6546-g39cb55a

The branch, master has been updated via 39cb55a0defbf2634b2bc097f96e0d559303f5f7 (commit) via 82f83dac2f6b07bef76f6c3fb795ce7c0c417af8 (commit) from 70c70db1392e703346434e65d59110a6ba321367 (commit) - Log ----------------------------------------------------------------- commit 39cb55a0defbf2634b2bc097f96e0d559303f5f7 Merge: 82f83dac2f6b07bef76f6c3fb795ce7c0c417af8 70c70db1392e703346434e65d59110a6ba321367 Author: Herman van Rink <rink@initfour.nl> Date: Tue Jul 5 14:46:24 2011 +0200 Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/phpmyadmin commit 82f83dac2f6b07bef76f6c3fb795ce7c0c417af8 Author: Herman van Rink <rink@initfour.nl> Date: Tue Jul 5 14:46:13 2011 +0200 Fixed XSS in unreleased RecentTable class ----------------------------------------------------------------------- Summary of changes: libraries/RecentTable.class.php | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libraries/RecentTable.class.php b/libraries/RecentTable.class.php
index f844bbc..bfb6081 100644
--- a/libraries/RecentTable.class.php
+++ b/libraries/RecentTable.class.php
@@ -142,7 +142,7 @@ class PMA_RecentTable
 $html = '<option value="">(' . __('Recent tables') . ') ...</option>';
 if (count($this->tables)) {
 foreach ($this->tables as $table) {
- $html .= '<option value="' . $table . '">' . $table . '</option>';
+ $html .= '<option value="' . htmlspecialchars($table) . '">' . htmlspecialchars($table) . '</option>';
 }
 } else {
 $html .= '<option value="">' . __('There are no recent tables') . '</option>';
@@ -158,7 +158,7 @@ class PMA_RecentTable
 public function getHtmlSelect()
 {
 $html = '<input type="hidden" name="goto" id="LeftDefaultTabTable" value="' .
- $GLOBALS['cfg']['LeftDefaultTabTable'] . '" />';
+ htmlspecialchars($GLOBALS['cfg']['LeftDefaultTabTable']) . '" />';
 $html .= '<select name="table" id="recentTable">';
 $html .= $this->getHtmlSelectOption();
 $html .= '</select>';
hooks/post-receive -- phpMyAdmin
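Review bot: Both `htmlspecialchars($table)` calls on the added line inside the `foreach` rely on the function's default flags and charset, which differ between PHP versions; the same applies to the call added in `getHtmlSelect()` in the next hunk. Escaping once per table with explicit arguments keeps the output stable: `$name = htmlspecialchars($table, ENT_QUOTES, 'UTF-8');` followed by `$html .= '<option value="' . $name . '">' . $name . '</option>';`. UTF-8 is an assumption about the page encoding and should be confirmed against what the application sends. The enclosing method starts and ends outside the hunk, so where `$this->tables` is filled is not visible here.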
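Review bot: The escaping added to the hidden `goto` field in `getHtmlSelect()` protects the markup only; the field's value comes back from the browser as request data, so the code that consumes `goto` needs its own check against the set of permitted target scripts. That consumer is not part of this hunk, so this is something to confirm rather than a demonstrated gap. A comment above the assignment would record the boundary, for example `// escaped for attribute context only; the goto handler must validate the submitted value`. The method's closing lines are outside the hunk.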