Merge remote branch 'security/MAINT_3_5_2-security' into MAINT_3_5_2

phpmyadmin · Aug 12, 2012 · 6c73243 · 6c73243
2 parents 6f20070 + d563356
commit 6c73243
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 7 deletions.
diff --git a/js/db_structure.js b/js/db_structure.js
@@ -335,7 +335,7 @@ $(document).ready(function() {
         } else {
             question += 'TABLE';
         }
-        question += ' ' + curr_table_name;
+        question += ' ' + escapeHtml(curr_table_name);
 
         $this_anchor.PMA_confirm(question, $this_anchor.attr('href'), function(url) {
 

diff --git a/js/functions.js b/js/functions.js
@@ -3342,7 +3342,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for confirmation
          */
-        var question = PMA_messages['strDropTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP TABLE ' + window.parent.table;
+        var question = PMA_messages['strDropTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP TABLE ' + escapeHtml(window.parent.table);
 
         $(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
 
@@ -3373,7 +3373,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for confirmation
          */
-        var question = PMA_messages['strTruncateTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'TRUNCATE TABLE ' + window.parent.table;
+        var question = PMA_messages['strTruncateTableStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'TRUNCATE TABLE ' + escapeHtml(window.parent.table);
 
         $(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
 

diff --git a/js/tbl_gis_visualization.js b/js/tbl_gis_visualization.js
@@ -297,7 +297,7 @@ $(document).ready(function() {
      */
     $('.polygon, .multipolygon, .point, .multipoint, .linestring, .multilinestring, '
             + '.geometrycollection').live('mousemove', function(event) {
-        contents = $.trim($(this).attr('name'));
+        contents = $.trim(escapeHtml($(this).attr('name')));
         $("#tooltip").remove();
         if (contents != '') {
             $('<div id="tooltip">' + contents + '</div>').css({

diff --git a/libraries/rte/rte_triggers.lib.php b/libraries/rte/rte_triggers.lib.php
@@ -100,8 +100,12 @@ function PMA_TRI_handleEditor()
                 // 'Add a new item' mode
                 $result = PMA_DBI_try_query($item_query);
                 if (! $result) {
-                    $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br /><br />'
-                                      . __('MySQL said: ') . PMA_DBI_getError(null);
+                    $errors[] = sprintf(
+                        __('The following query has failed: "%s"'),
+                        htmlspecialchars($item_query)
+                    )
+                    . '<br /><br />'
+                    . __('MySQL said: ') . PMA_DBI_getError(null);
                 } else {
                     $message = PMA_Message::success(__('Trigger %1$s has been created.'));
                     $message->addParam(PMA_backquote($_REQUEST['item_name']));
@@ -317,7 +321,9 @@ function PMA_TRI_getEditorForm($mode, $item)
         } else if ($mode == 'edit' && $value == $item['item_table']) {
             $selected = " selected='selected'";
         }
-        $retval .= "            <option$selected>$value</option>\n";
+        $retval .= "<option$selected>";
+        $retval .= htmlspecialchars($value);
+        $retval .= "</option>\n";
     }
     $retval .= "        </select>\n";
     $retval .= "    </td>\n";