Merge pull request #297 from phpmyadmin/security/296

SQL Injection in SearchController
author: Isaac Bennetch <bennetch@gmail.com> 2020-03-21 01:21:05 +0300
committer: GitHub <noreply@github.com> 2020-03-21 01:21:05 +0300
commit: 155f3b2b4117b08df9dc4fc8eae9f1054c9d9c1e (patch)
tree: 46e25b6dbb69a76e2d000b619cfff593bfbb91b3 /libraries
parent: 9ce61ea0e59a98147c156dd170cc0f8b95a7daaa (diff)
parent: a8acd7a42cf743186528b0453f90aaa32bfefabe (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libraries/classes/Controllers/Table/TableSearchController.php b/libraries/classes/Controllers/Table/TableSearchController.php
index 90f945f0d4..16ed3fe1fd 100644
--- a/libraries/classes/Controllers/Table/TableSearchController.php
+++ b/libraries/classes/Controllers/Table/TableSearchController.php
@@ -420,8 +420,8 @@ class TableSearchController extends TableController
     public function getDataRowAction()
     {
         $extra_data = array();
-        $row_info_query = 'SELECT * FROM `' . $_POST['db'] . '`.`'
-            . $_POST['table'] . '` WHERE ' .  $_POST['where_clause'];
+        $row_info_query = 'SELECT * FROM ' . Util::backquote($_POST['db']) . '.'
+            . Util::backquote($_POST['table']) . ' WHERE ' .  $_POST['where_clause'];
         $result = $this->dbi->query(
             $row_info_query . ";",
             DatabaseInterface::CONNECT_USER,
author	Isaac Bennetch <bennetch@gmail.com>	2020-03-21 01:21:05 +0300
committer	GitHub <noreply@github.com>	2020-03-21 01:21:05 +0300
commit	155f3b2b4117b08df9dc4fc8eae9f1054c9d9c1e (patch)
tree	46e25b6dbb69a76e2d000b619cfff593bfbb91b3 /libraries
parent	9ce61ea0e59a98147c156dd170cc0f8b95a7daaa (diff)
parent	a8acd7a42cf743186528b0453f90aaa32bfefabe (diff)