
Fix XSS in PMA_RecentFavoriteTable::getHtmlList()
Signed-off-by: Ann + J.M <phpMyAdmin@ZweiSteinSoft.de>
ZweiSteinSoft committed Jun 19, 2014
1 parent 42a65a5 commit d18a2dd
Showing 1 changed file with 23 additions and 15 deletions.
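--- a/libraries/RecentFavoriteTable.class.php
+++ b/libraries/RecentFavoriteTable.class.php
@@ -203,10 +203,13 @@ public function getHtmlList()
 if ($this->_tableType == 'recent') {
 foreach ($this->_tables as $table) {
 $html .= '<li class="warp_link">';
-$html .= '<a href="sql.php?server=' . $GLOBALS['server']
-. '&db=' . $table['db']
-. '&table=' . $table['table']
-. '&token=' . $_SESSION[' PMA_token '] . '">`'
+$recent_params = array(
+'db' => $table['db'],
+'table' => $table['table']
+);
+$recent_url = 'sql.php'
+. PMA_URL_getCommon($recent_params);
+$html .= '<a href="' . $recent_url . '">`'
 . htmlspecialchars($table['db']) . '`.`'
 . htmlspecialchars($table['table']) . '`</a>';
 $html .= '</li>';
@@ -215,11 +218,13 @@ public function getHtmlList()
 foreach ($this->_tables as $table) {
 $html .= '<li class="warp_link">';
 
-$html .= '<a class="ajax favorite_table_anchor"';
-$fav_params = array('db' => $table['db'],
-'ajax_request' => true,
-'favorite_table' => $table['table'],
-'remove_favorite' => true);
+$html .= '<a class="ajax favorite_table_anchor" ';
+$fav_params = array(
+'db' => $table['db'],
+'ajax_request' => true,
+'favorite_table' => $table['table'],
+'remove_favorite' => true
+);
 $fav_rm_url = 'db_structure.php'
 . PMA_URL_getCommon($fav_params);
 $html .= 'href="' . $fav_rm_url
@@ -230,12 +235,15 @@ public function getHtmlList()
 . PMA_Util::getIcon('b_favorite.png')
 . '</a>';
 
-$html .= '<a href="sql.php?server=' . $GLOBALS['server']
-. '&db=' . $table['db']
-. '&table=' . $table['table']
-. '&token=' . $_SESSION[' PMA_token '] . '">`'
-. htmlspecialchars($table['db']) . '`.`'
-. htmlspecialchars($table['table']) . '`</a>';
+$fav_params = array(
+'db' => $table['db'],
+'table' => $table['table']
+);
+$table_url = 'sql.php'
+. PMA_URL_getCommon($fav_params);
+$html .= '<a href="' . $table_url . '">`'
+. htmlspecialchars($table['db']) . '`.`'
+. htmlspecialchars($table['table']) . '`</a>';
 $html .= '</li>';
 }
 }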
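Review bot: In the third hunk `$fav_params` is reassigned to hold the plain table-link parameters right after it was used for the remove-favorite URL, so the name no longer describes its contents; `$table_params = array(` would mirror `$recent_params` in the first hunk and keep the two `sql.php` links readable side by side. The first and third hunks build exactly the same `sql.php` link from `db`/`table`, so a small private helper returning that anchor would remove the duplication. The fix also rests on `PMA_URL_getCommon()` URL-encoding each value and escaping the separators for the `href` attribute context, which is not visible on this page; a short comment such as `// db/table names are untrusted; PMA_URL_getCommon() encodes them for the href` would record why the raw concatenation was replaced. `getHtmlList()` starts before the first hunk and continues past the last one.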
