
Fix XSS in PMA_RecentFavoriteTable::getHtmlList()

Signed-off-by: Ann + J.M <phpMyAdmin@ZweiSteinSoft.de>
1 parent 42a65a5 commit d18a2dd9faad7e0e96df799b59e16ef587afb838 @ZweiSteinSoft ZweiSteinSoft committed Jun 19, 2014
Showing with 23 additions and 15 deletions.
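--- a/libraries/RecentFavoriteTable.class.php
+++ b/libraries/RecentFavoriteTable.class.php
@@ -203,10 +203,13 @@ public function getHtmlList()
 if ($this->_tableType == 'recent') {
 foreach ($this->_tables as $table) {
 $html .= '<li class="warp_link">';
-$html .= '<a href="sql.php?server=' . $GLOBALS['server']
-. '&db=' . $table['db']
-. '&table=' . $table['table']
-. '&token=' . $_SESSION[' PMA_token '] . '">`'
+$recent_params = array(
+'db' => $table['db'],
+'table' => $table['table']
+);
+$recent_url = 'sql.php'
+. PMA_URL_getCommon($recent_params);
+$html .= '<a href="' . $recent_url . '">`'
 . htmlspecialchars($table['db']) . '`.`'
 . htmlspecialchars($table['table']) . '`</a>';
 $html .= '</li>';
@@ -215,11 +218,13 @@ public function getHtmlList()
 foreach ($this->_tables as $table) {
 $html .= '<li class="warp_link">';
-$html .= '<a class="ajax favorite_table_anchor"';
-$fav_params = array('db' => $table['db'],
-'ajax_request' => true,
-'favorite_table' => $table['table'],
-'remove_favorite' => true);
+$html .= '<a class="ajax favorite_table_anchor" ';
+$fav_params = array(
+'db' => $table['db'],
+'ajax_request' => true,
+'favorite_table' => $table['table'],
+'remove_favorite' => true
+);
 $fav_rm_url = 'db_structure.php'
 . PMA_URL_getCommon($fav_params);
 $html .= 'href="' . $fav_rm_url
@@ -230,12 +235,15 @@ public function getHtmlList()
 . PMA_Util::getIcon('b_favorite.png')
 . '</a>';
-$html .= '<a href="sql.php?server=' . $GLOBALS['server']
-. '&db=' . $table['db']
-. '&table=' . $table['table']
-. '&token=' . $_SESSION[' PMA_token '] . '">`'
-. htmlspecialchars($table['db']) . '`.`'
-. htmlspecialchars($table['table']) . '`</a>';
+$fav_params = array(
+'db' => $table['db'],
+'table' => $table['table']
+);
+$table_url = 'sql.php'
+. PMA_URL_getCommon($fav_params);
+$html .= '<a href="' . $table_url . '">`'
+. htmlspecialchars($table['db']) . '`.`'
+. htmlspecialchars($table['table']) . '`</a>';
 $html .= '</li>';
 }
 }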
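Review bot: The XSS fix now rests entirely on PMA_URL_getCommon() encoding the db and table values for an HTML attribute, and that helper is not visible here; the removed lines concatenated `$table['db']` and `$table['table']` into the href raw, while the new `$recent_url` and `$table_url` lines pass them through the helper with no htmlspecialchars() of their own, so the link is safe only if the helper both URL-encodes the values and HTML-escapes its output (it presumably does, since the pre-existing `$fav_rm_url` link already relied on it). A regression test that puts a quote or angle bracket in a db or table name and asserts the generated href is encoded would pin that assumption rather than leaving it implicit. Separately, in the third hunk `$fav_params` is reassigned to hold the table-link parameters right after it held the remove-favorite parameters in the same iteration; naming the second array `$table_params = array(...)` and calling `PMA_URL_getCommon($table_params)` keeps the two roles distinct. The same three-line `sql.php` link construction now appears in both branches and is a candidate for a small private helper. getHtmlList() starts and ends outside these hunks.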
