Fix two security fixes about XSS, reported by Mateusz Goik, fixed by ioguix.
commit 1df248203de055f97e092b50b1dd9643ccb73842 1 parent 6e0612e
Jehan-Guillaume (ioguix) de Rorthais authored September 28, 2011
2  HISTORY
@@ -41,7 +41,7 @@ Bugs
41 41
 * Fix multiple bugs about quoting and escaping database objects names with special chars
42 42
 * Fix multiple bugs in the browser tree
43 43
 * Fix multiple bugs on the SQL and script file import form
44  
-* One security fix about code injection
  44
+* Three security fix about code injection
45 45
 * Don't allow inserting on a table without fields
46 46
 * Some fix about commenting databases
47 47
 * removed deprecated functions from PHP 5.3
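Review bot: The new HISTORY entry "Three security fix about code injection" is both ungrammatical and mislabelled: the commit message and both code hunks describe cross-site scripting (unescaped output in a <title> and in an <a href>), not code injection, so the changelog should say "Three security fixes for cross-site scripting (XSS)" so that users scanning release notes can match the entry to the issue class. A short pointer to the affected pages (the page title in classes/Misc.php and the return link in display.php) and a credit to the reporter named in the commit message would also help downstream packagers triage the release.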
2  classes/Misc.php
@@ -398,7 +398,7 @@ function printHeader($title = '', $script = null, $frameset = false) {
398 398
 				echo "<link rel=\"shortcut icon\" href=\"images/themes/{$conf['theme']}/Favicon.ico\" type=\"image/vnd.microsoft.icon\" />\n";
399 399
 				echo "<link rel=\"icon\" type=\"image/png\" href=\"images/themes/{$conf['theme']}/Introduction.png\" />\n";
400 400
 				echo "<title>", htmlspecialchars($appName);
401  
-				if ($title != '') echo " - {$title}";
  401
+				if ($title != '') echo htmlspecialchars(" - {$title}");
402 402
 				echo "</title>\n";
403 403
 
404 404
 				if ($script) echo "{$script}\n";
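Review bot: Escaping `$title` with htmlspecialchars() closes the <title> breakout, but the unchanged line three below it, `if ($script) echo "{$script}\n";`, still writes its argument into the page unescaped, so this hunk only holds if every caller of printHeader() passes a trusted, literal `$script`; that assumption should be stated in a comment on the parameter or verified across callers in the same change. Two smaller points: escaping only the variable, `echo " - " . htmlspecialchars($title);`, is clearer than escaping the literal separator along with it, and since the HISTORY file mentions PHP 5.3, note that htmlspecialchars() on that version defaults to ISO-8859-1, so passing the application's charset explicitly (the same one the page's <meta> declares) avoids mis-handling multi-byte titles.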
2  display.php
@@ -578,7 +578,7 @@ function doBrowse($msg = '') {
578 578
 
579 579
 		// Return
580 580
 		if (isset($_REQUEST['return_url']) && isset($_REQUEST['return_desc']))
581  
-			echo "\t<li><a href=\"{$_REQUEST['return_url']}\">{$_REQUEST['return_desc']}</a></li>\n";
  581
+			echo "\t<li><a href=\"". htmlspecialchars($_REQUEST['return_url']) ."\">". htmlspecialchars($_REQUEST['return_desc']) ."</a></li>\n";
582 582
 
583 583
 		// Edit SQL link
584 584
 		if (isset($_REQUEST['query']))
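Review bot: htmlspecialchars() on `$_REQUEST['return_url']` stops the value from breaking out of the href="..." attribute, but it does not make the attribute safe: a request-controlled URL such as `javascript:...` survives escaping unchanged and still executes when the link is clicked, and the value is also an open redirect for any scheme. The return link should be restricted to a relative path or a whitelist of the application's own script names (e.g. check that it does not contain a scheme or `//` before emitting it), with the escaping kept as the second layer; `return_desc` is fine as changed, since it lands in element text where htmlspecialchars() is sufficient.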
