Fix two security fix about XSS, reported by Mateusz Goik, fixed by io…
…guix.
ioguix committed Sep 28, 2011
1 parent 6e0612e commit 1df2482
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion HISTORY
Expand Up @@ -41,7 +41,7 @@ Bugs
* Fix multiple bugs about quoting and escaping database objects names with special chars
* Fix multiple bugs in the browser tree
* Fix multiple bugs on the SQL and script file import form
* One security fix about code injection
* Three security fix about code injection
* Don't allow inserting on a table without fields
* Some fix about commenting databases
* removed deprecated functions from PHP 5.3
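Review bot: The new HISTORY entry reads "Three security fix about code injection", while the commit message describes the two fixes added here as XSS. Consider "Three security fixes" and naming the class of issue (XSS / HTML injection) so that users reading the changelog can tell what was exposed and whether they need to upgrade. Crediting the reporter in HISTORY as well as in the commit message would also help.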
2 changes: 1 addition & 1 deletion classes/Misc.php
Expand Up @@ -398,7 +398,7 @@ function printHeader($title = '', $script = null, $frameset = false) {
echo "<link rel=\"shortcut icon\" href=\"images/themes/{$conf['theme']}/Favicon.ico\" type=\"image/vnd.microsoft.icon\" />\n";
echo "<link rel=\"icon\" type=\"image/png\" href=\"images/themes/{$conf['theme']}/Introduction.png\" />\n";
echo "<title>", htmlspecialchars($appName);
if ($title != '') echo " - {$title}";
if ($title != '') echo htmlspecialchars(" - {$title}");
echo "</title>\n";

if ($script) echo "{$script}\n";
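Review bot: Escaping $title inside printHeader() changes the contract for every caller: any call site that already passes an HTML-escaped title will now be double-encoded (for example &amp;amp; in the page title), so the callers should be audited and the function comment should state that $title is expected as raw text. The context line `if ($script) echo "{$script}\n";` directly below still writes its argument into the head unescaped; that is presumably intended because it carries markup, but it is worth documenting that $script must never contain request-derived data. Passing an explicit charset to htmlspecialchars() matching the page encoding would also avoid relying on the PHP default.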
2 changes: 1 addition & 1 deletion display.php
Expand Up @@ -578,7 +578,7 @@ function doBrowse($msg = '') {

// Return
if (isset($_REQUEST['return_url']) && isset($_REQUEST['return_desc']))
echo "\t<li><a href=\"{$_REQUEST['return_url']}\">{$_REQUEST['return_desc']}</a></li>\n";
echo "\t<li><a href=\"". htmlspecialchars($_REQUEST['return_url']) ."\">". htmlspecialchars($_REQUEST['return_desc']) ."</a></li>\n";

// Edit SQL link
if (isset($_REQUEST['query']))
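Review bot: In the return link, htmlspecialchars() on $_REQUEST['return_url'] stops the value from breaking out of the href attribute, but it does not constrain what the URL itself is: a value with a non-HTTP scheme passes through encoding unchanged and still ends up as a clickable link. Suggest validating return_url before output, for example accepting only relative paths within the application or an allow-list of http/https, and dropping the link otherwise. The isset() check also does not guarantee the parameters are strings; an array-valued return_url or return_desc would reach htmlspecialchars() and raise a warning, so an is_string() guard would be a reasonable addition. The escaping of return_desc in element content looks correct.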

0 comments on commit 1df2482
