[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-6546-g39cb55a

Herman van Rink helmo at users.sourceforge.net
Tue Jul 5 14:47:09 CEST 2011 

The branch, master has been updated
       via  39cb55a0defbf2634b2bc097f96e0d559303f5f7 (commit)
       via  82f83dac2f6b07bef76f6c3fb795ce7c0c417af8 (commit)
      from  70c70db1392e703346434e65d59110a6ba321367 (commit)


- Log -----------------------------------------------------------------
commit 39cb55a0defbf2634b2bc097f96e0d559303f5f7
Merge: 82f83dac2f6b07bef76f6c3fb795ce7c0c417af8 70c70db1392e703346434e65d59110a6ba321367
Author: Herman van Rink <rink at initfour.nl>
Date:   Tue Jul 5 14:46:24 2011 +0200

    Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/phpmyadmin

commit 82f83dac2f6b07bef76f6c3fb795ce7c0c417af8
Author: Herman van Rink <rink at initfour.nl>
Date:   Tue Jul 5 14:46:13 2011 +0200

    Fixed XSS in unreleased RecentTable class

-----------------------------------------------------------------------

Summary of changes:
 libraries/RecentTable.class.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libraries/RecentTable.class.php b/libraries/RecentTable.class.php
index f844bbc..bfb6081 100644
--- a/libraries/RecentTable.class.php
+++ b/libraries/RecentTable.class.php
@@ -142,7 +142,7 @@ class PMA_RecentTable
         $html = '<option value="">(' . __('Recent tables') . ') ...</option>';
         if (count($this->tables)) {
             foreach ($this->tables as $table) {
-                $html .= '<option value="' . $table . '">' . $table . '</option>';
+                $html .= '<option value="' . htmlspecialchars($table) . '">' . htmlspecialchars($table) . '</option>';
             }
         } else {
             $html .= '<option value="">' . __('There are no recent tables') . '</option>';
@@ -158,7 +158,7 @@ class PMA_RecentTable
     public function getHtmlSelect()
     {
         $html  = '<input type="hidden" name="goto" id="LeftDefaultTabTable" value="' .
-                         $GLOBALS['cfg']['LeftDefaultTabTable'] . '" />';
+                         htmlspecialchars($GLOBALS['cfg']['LeftDefaultTabTable']) . '" />';
         $html .= '<select name="table" id="recentTable">';
         $html .= $this->getHtmlSelectOption();
         $html .= '</select>';


hooks/post-receive
-- 
phpMyAdmin

More information about the Git mailing list