The branch, master has been updated
       via  68cb87a81829581e7457c4a8a6fe6b85ef663834 (commit)
      from  85fc658f3146d245d88d29085f98c62e686eee13 (commit)


- Log -----------------------------------------------------------------
commit 68cb87a81829581e7457c4a8a6fe6b85ef663834
Author: Marc Delisle <[email protected]>
Date:   Fri Sep 9 13:12:24 2011 -0400

    Escape HTML in column names and values before json_encode()

-----------------------------------------------------------------------

Summary of changes:
 tbl_chart.php |   15 +++++++++++++--
 1 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/tbl_chart.php b/tbl_chart.php
index 8caa38e..43de351 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -130,14 +130,25 @@ url_query = '<?php echo $url_query;?>';
     </div>
     <div style="float:left; padding-left:40px;">
         <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" 
type="text" name="xaxis_label" 
-            value="<?php echo ($yaxis == -1) ? __('X Values') : $keys[$yaxis]; 
?>"><br />
+            value="<?php echo ($yaxis == -1) ? __('X Values') : 
htmlspecialchars($keys[$yaxis]); ?>"><br />
         <?php echo __('Y-Axis label:'); ?> <input type="text" 
name="yaxis_label" value="<?php echo __('Y Values'); ?>">
     </div>
     <p style="clear:both;">&nbsp;</p>
     <div id="resizer" style="width:600px; height:400px;">
         <div id="inner-resizer">
             <div id="querychart" style="display:none;">
-                <?php echo json_encode($data); ?>
+<?php
+$sanitized_data = array();
+foreach ($data as $data_row_number => $data_row) {
+    $tmp_row = array();
+    foreach ($data_row as $data_column => $data_value) {
+        $tmp_row[htmlspecialchars($data_column)] = 
htmlspecialchars($data_value);
+    }
+    $sanitized_data[] = $tmp_row;
+} 
+echo json_encode($sanitized_data); 
+unset($sanitized_data);
+?>
             </div>
         </div>
     </div>
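Review bot: The inner `foreach` at the `$tmp_row[...]` line applies `htmlspecialchars()` to every value regardless of type, so the JSON shape changes: ints/floats become strings, `NULL` becomes `""`, and a nested array value would raise a warning and be dropped as `null`, none of which the old `json_encode($data)` did. Only strings can carry markup, so escaping just those keeps the output safe while preserving the types the client-side chart code may rely on: `$tmp_row[htmlspecialchars($data_column)] = is_string($data_value)` / `? htmlspecialchars($data_value, ENT_QUOTES, 'UTF-8')` / `: $data_value;`. Passing `ENT_QUOTES` and the charset explicitly also avoids depending on PHP-version defaults, which is worth doing for the `$keys[$yaxis]` escape in the attribute value as well. Note that the outer loop also discards the original row keys (`$sanitized_data[]` instead of `$sanitized_data[$data_row_number]`); that is harmless if `$data` is a plain list, but it silently turns a keyed array into a list, so worth a one-line comment stating that assumption. `$data`, `$keys` and `$yaxis` are defined before the hunk, so their shape could not be checked here.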


hooks/post-receive
-- 
phpMyAdmin
