
Commit 983faa9

committed
Fix XSS in database structure page
Forward ported commit 90df124 Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent 16a6a02 commit 983faa9

1 file changed

+11
-7
lines changed


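--- a/templates/database/structure/sortable_header.phtml
+++ b/templates/database/structure/sortable_header.phtml
@@ -51,16 +51,20 @@ if ($requested_sort == $sort) {
 }
 $_url_params = array(
 'db' => $_REQUEST['db'],
+'pos' => 0, // We set the position back to 0 every time they sort.
+'sort' => $sort,
+'sort_order' => $future_sort_order,
 );
-$url = 'db_structure.php' . PMA_URL_getCommon($_url_params);
-// We set the position back to 0 every time they sort.
-$url .= "&amp;pos=0&amp;sort=$sort&amp;sort_order=$future_sort_order";
-if (! empty($_REQUEST['tbl_type'])) {
-$url .= "&amp;tbl_type=" . $_REQUEST['tbl_type'];
+
+if (PMA_isValid($_REQUEST['tbl_type'], array('view', 'table'))) {
+$_url_params['tbl_type'] = $_REQUEST['tbl_type'];
 }
 if (! empty($_REQUEST['tbl_group'])) {
-$url .= "&amp;tbl_group=" . $_REQUEST['tbl_group'];
+$_url_params['tbl_group'] = $_REQUEST['tbl_group'];
 }
+
+$url = 'db_structure.php' . PMA_URL_getCommon($_url_params);
+
 echo PMA_Util::linkOrButton(
 $url, $title . $order_img, $order_link_params
-);
+);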
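Review bot: `tbl_group` (new line 63) is still copied from `$_REQUEST` into `$_url_params` guarded only by `! empty()`, while `tbl_type` on line 59 is now whitelisted with `PMA_isValid`, so the safety of the generated link for that parameter rests entirely on `PMA_URL_getCommon` URL-encoding every value, which the hunk does not show. If the set of valid group names is known at this point, validating `tbl_group` the same way as `tbl_type` would remove that dependency; otherwise a comment such as `// tbl_group is untrusted request input; relies on PMA_URL_getCommon encoding it` at line 63 makes the invariant explicit for the next maintainer. The same encoding assumption now also covers `$sort` and `$future_sort_order` on lines 55-56, which are computed outside the hunk. The template's surrounding code continues before and after this hunk.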
