* Fix multiple bugs about quoting and escaping database objects names with special chars
* Fix multiple bugs in the browser tree
* Fix multiple bugs on the SQL and script file import form
-* One security fix about code injection
+* Three security fix about code injection
* Don't allow inserting on a table without fields
* Some fix about commenting databases
* removed deprecated functions from PHP 5.3
echo "<link rel=\"shortcut icon\" href=\"images/themes/{$conf['theme']}/Favicon.ico\" type=\"image/vnd.microsoft.icon\" />\n";
echo "<link rel=\"icon\" type=\"image/png\" href=\"images/themes/{$conf['theme']}/Introduction.png\" />\n";
echo "<title>", htmlspecialchars($appName);
- if ($title != '') echo " - {$title}";
+ if ($title != '') echo htmlspecialchars(" - {$title}");
echo "</title>\n";
if ($script) echo "{$script}\n";
// Return
if (isset($_REQUEST['return_url']) && isset($_REQUEST['return_desc']))
- echo "\t<li><a href=\"{$_REQUEST['return_url']}\">{$_REQUEST['return_desc']}</a></li>\n";
+ echo "\t<li><a href=\"". htmlspecialchars($_REQUEST['return_url']) ."\">". htmlspecialchars($_REQUEST['return_desc']) ."</a></li>\n";
// Edit SQL link
if (isset($_REQUEST['query']))
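Review bot: Escaping `return_url` with htmlspecialchars() on the new `<a href=...>` line stops attribute breakout but leaves the URL scheme unchecked, so a `javascript:` or `data:` value from the request would still be rendered as a working link. The value should also pass an allow-list check before it is echoed, accepting only relative paths into the application or `http`/`https`, for example `$scheme = parse_url($_REQUEST['return_url'], PHP_URL_SCHEME);` followed by `if ($scheme !== null && !in_array(strtolower($scheme), array('http', 'https'))) { /* skip the link */ }`. parse_url() can be more lenient than browsers, so a strict pattern for the relative URLs the callers actually generate would be the safer form, if that set is known. The enclosing function starts and ends outside this hunk.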