~ubuntu-branches/ubuntu/lucid/phpmyadmin/lucid


Viewing changes to sql.php

  • Committer: Bazaar Package Importer
  • Author(s): Michal Čihař
  • Date: 2009-06-30 14:05:13 UTC
  • mfrom: (1.2.1 upstream) (36.1.2 karmic)
  • Revision ID: james.westby@ubuntu.com-20090630140513-hz71do3sij2jhm4s
* New upstream version fixing XSS (PMASA-2009-5).
* Document no empty password in README.Debian and the shipped sample
  configuration file (LP: #388703).
* Install service file for avahi (if web service enabled and if avahi is
  installed) (LP: #369244).
* Mention protecting of setup if not using provided configuration snippets
  for webservers.
* Call ucf with --debconf-ok in postrm (Closes: #534894).

3
3
/**
4
4
 * @todo    we must handle the case if sql.php is called directly with a query
5
5
 *          that returns 0 rows - to prevent cyclic redirects or includes
6
 
 * @version $Id: sql.php 12340 2009-04-09 14:20:44Z nijel $
 
6
 * @version $Id: sql.php 12608 2009-06-30 10:48:08Z lem9 $
 
7
 * @package phpMyAdmin
7
8
 */
8
9
 
9
10
/**
310
311
                $table = '';
311
312
            }
312
313
            $active_page = $goto;
313
 
            $message = PMA_Message::rawError($error);
 
314
            $message = htmlspecialchars(PMA_Message::rawError($error));
 
315
            /**
 
316
             * Go to target path.
 
317
             */
314
318
            require './' . PMA_securePath($goto);
315
319
        } else {
 
320
            /**
 
321
             * HTML header.
 
322
             */
316
323
            require_once './libraries/header.inc.php';
317
324
            $full_err_url = (preg_match('@^(db|tbl)_@', $err_url))
318
325
                          ? $err_url . '&show_query=1&sql_query=' . urlencode($sql_query)
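Review bot: at new line 314, htmlspecialchars() wraps the return value of PMA_Message::rawError($error) rather than $error itself, so $message now holds the string that htmlspecialchars() returns, and the script pulled in by require './' . PMA_securePath($goto) a few lines later receives that string instead of whatever rawError() produced. If rawError() returns a message object, this relies on its string conversion and drops the object for any consumer that expects one; escaping the input instead, as in PMA_Message::rawError(htmlspecialchars($error)), would keep the type of $message unchanged. The call also passes no quote-style or charset argument, so under the ENT_COMPAT default of PHP versions before 8.1 single quotes are left unescaped; it is worth confirming that $message is never written into a single-quoted attribute.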
446
453
 
447
454
    // garvin: if a table or database gets dropped, check column comments.
448
455
    if (isset($purge) && $purge == '1') {
 
456
        /**
 
457
         * Cleanup relations.
 
458
         */
449
459
        require_once './libraries/relation_cleanup.lib.php';
450
460
 
451
461
        if (strlen($table) && strlen($db)) {