author | Michal Čihař <mcihar@novell.com> | 2010-08-17 18:31:03 +0400 |
---|---|---|
committer | Michal Čihař <mcihar@novell.com> | 2010-08-18 13:30:19 +0400 |
commit | ea3b718fc379c15e773cc2f18ea4c8ccfa9af57b (patch) | |
tree | 5984dcfaae350fefc0e28263ea7aac96bb8acea1 /server_databases.php | |
parent | 7f266483b827fb05a4be11663003418c2ef1c878 (diff) |
Secure handling of sort_by and sort_order in server_databases.php.
Diffstat (limited to 'server_databases.php')
-rw-r--r-- | server_databases.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/server_databases.php b/server_databases.php
index 47037cc66e..89571d107c 100644
--- a/server_databases.php
+++ b/server_databases.php
@@ -342,11 +342,11 @@ if ($databases_count > 0) {
 unset($column_order, $stat_name, $stat, $databases, $table_columns);
 if ($is_superuser || $cfg['AllowUserDropDatabase']) {
- $common_url_query = PMA_generate_common_url() . '&sort_by=' . $sort_by . '&sort_order=' . $sort_order . '&dbstats=' . $dbstats;
+ $common_url_query = PMA_generate_common_url(array('sort_by' => $sort_by, 'sort_order' => $sort_order, 'dbstats' => $dbstats));
 echo '<img class="selectallarrow" src="' . $pmaThemeImage . 'arrow_' . $text_dir . '.png" width="38" height="22" alt="' . $strWithChecked . '" />' . "\n"
- . '<a href="./server_databases.php?' . $common_url_query . '&checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
+ . '<a href="./server_databases.php' . $common_url_query . '&checkall=1" onclick="if (markAllRows(\'tabledatabases\')) return false;">' . "\n"
 . ' ' . $strCheckAll . '</a> / ' . "\n"
- . '<a href="./server_databases.php?' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
+ . '<a href="./server_databases.php' . $common_url_query . '" onclick="if (unMarkAllRows(\'tabledatabases\')) return false;">' . "\n"
 . ' ' . $strUncheckAll . '</a>' . "\n"
 . '<i>' . $strWithChecked . '</i>' . "\n";
 PMA_buttonOrImage('drop_selected_dbs', 'mult_submit', 'drop_selected_dbs', $strDrop, 'b_deltbl.png'); |
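Review bot: The first link still appends `'&checkall=1'` by hand after the helper's output, so that `href` is assembled through two different paths and the bare `&` sits beside whatever separator PMA_generate_common_url() emits. Building that link's query entirely through the helper keeps the whole attribute value under one encoding path, e.g. `PMA_generate_common_url(array('sort_by' => $sort_by, 'sort_order' => $sort_order, 'dbstats' => $dbstats, 'checkall' => 1))`. The fix depends on the helper encoding array values for an HTML attribute and supplying the leading `?` (the definition is outside this hunk, so confirm it), and a comment such as `// sort_by/sort_order/dbstats must go through PMA_generate_common_url(); never concatenate them into the href` would keep a later edit from reverting to string building. Whether `$sort_by` and `$sort_order` are also restricted to known column names and ASC/DESC where they are first read is not visible here; the `if ($is_superuser ...)` block continues past the end of the hunk.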