← Back to branch summary

~ubuntu-branches/ubuntu/quantal/phppgadmin/quantal

« back to all changes in this revision

Viewing changes to ajax-ac-insert.php

  • Committer: Bazaar Package Importer
  • Author(s): Christoph Berg
  • Date: 2011-10-05 21:47:32 UTC
  • mfrom: (1.1.12 upstream)
  • Revision ID: james.westby@ubuntu.com-20111005214732-skb0smj244cm8o46
Tags: 5.0.3-1
http://bugs.debian.org/644290
New upstream release, fixes XSS vulnerabilities.
Closes: #644290, CVE-2011-3598.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ajax-ac-insert.php
44
44
                echo "</tr>\n";
45
45
                $i=0;
46
46
                while ((!$res->EOF) && ($i < 11)) {
 
47
                        $j=0;
47
48
                        echo "<tr class=\"acline\">";
48
49
                        foreach ($res->fields as $n => $v) {
 
50
                                $finfo = $res->fetchField($j++);
49
51
                                if (in_array($n, $fkeynames))
50
 
                                        echo "<td><a href=\"javascript:void(0)\" class=\"fkval\" name=\"{$keyspos[$n]}\">",htmlentities($v), "</a></td>";
 
52
                                        echo "<td><a href=\"javascript:void(0)\" class=\"fkval\" name=\"{$keyspos[$n]}\">",
 
53
                                                $misc->printVal($v, $finfo->type, array('clip' => 'collapsed')),
 
54
                                                "</a></td>";
51
55
                                else
52
 
                                        echo "<td><a href=\"javascript:void(0)\">", htmlentities($v), "</a></td>";
 
56
                                        echo "<td><a href=\"javascript:void(0)\">",
 
57
                                                $misc->printVal($v, $finfo->type, array('clip' => 'collapsed')),
 
58
                                                "</a></td>";
53
59
                        }
54
60
                        echo "</tr>\n";
55
61
                        $i++;