← Back to branch summary

~ubuntu-branches/ubuntu/lucid/phpmyadmin/lucid

« back to all changes in this revision

Viewing changes to libraries/sql_query_form.lib.php

  • Committer: Bazaar Package Importer
  • Author(s): Michal Čihař
  • Date: 2009-06-30 14:05:13 UTC
  • mfrom: (1.2.1 upstream) (36.1.2 karmic)
  • Revision ID: james.westby@ubuntu.com-20090630140513-hz71do3sij2jhm4s
https://launchpad.net/bugs/388703
https://launchpad.net/bugs/369244
http://bugs.debian.org/534894
* New upstream version fixing XSS (PMASA-2009-5).
* Document no empty password in README.Debian and the shipped sample
  configuration file (LP: #388703).
* Install service file for avahi (if web service enabled and if avahi is
  installed) (LP: #369244).
* Mention protecting of setup if not using provided configuration snippets
  for webservers.
* Call ucf with --debconf-ok in postrm (Closes: #534894).

Show diffs side-by-side

added added

removed removed

Lines of Context:
libraries/sql_query_form.lib.php
3
3
/**
4
4
 * functions for displaying the sql query form
5
5
 *
6
 
 * @version $Id: sql_query_form.lib.php 11626 2008-10-01 20:48:40Z lem9 $
 
6
 * @version $Id: sql_query_form.lib.php 12280 2009-03-03 15:19:48Z lem9 $
7
7
 * @usedby  server_sql.php
8
8
 * @usedby  db_sql.php
9
9
 * @usedby  tbl_sql.php
10
10
 * @usedby  tbl_structure.php
11
11
 * @usedby  querywindow.php
 
12
 * @package phpMyAdmin
12
13
 */
13
14
if (! defined('PHPMYADMIN')) {
14
15
    exit;
110
111
        ?>
111
112
        <form method="post" id="sqlqueryform" target="frame_content"
112
113
              action="import.php"<?php echo $enctype; ?> name="sqlform"
113
 
              onsubmit="
114
 
              // <![CDATA[
115
 
              var save_name = window.opener.parent.frame_content.name;
 
114
              onsubmit="var save_name = window.opener.parent.frame_content.name;
116
115
              window.opener.parent.frame_content.name = save_name + '<?php echo time(); ?>';
117
116
              this.target = window.opener.parent.frame_content.name;
118
 
              return checkSqlQuery(this);
119
 
              // ]]" >
 
117
              return checkSqlQuery(this)">
120
118
        <?php
121
119
    } else {
122
120
        echo '<form method="post" action="import.php" ' . $enctype . ' id="sqlqueryform"'