From: Jehan-Guillaume (ioguix) de Rorthais <ioguix@free.fr>
Date: Fri, 16 Dec 2011 23:25:10 +0000 (+0100)
Subject: Securing $misc->href
X-Git-Tag: REL_5-1-0~98
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=4d54fca60d869f9706200dfa7b5e502ecd4837f8;p=phppgadmin.git

Securing $misc->href

See http://php.net/manual/en/function.urlencode.php
This is only used in href parameter of A tag and should be escaped
properly.
---

diff --git a/classes/Misc.php b/classes/Misc.php
index 3a04ddc7..49774ff6 100644
--- a/classes/Misc.php
+++ b/classes/Misc.php
@@ -40,13 +40,13 @@
 			if (isset($_REQUEST['server']) && $exclude_from != 'server') {
 				$href .= 'server=' . urlencode($_REQUEST['server']);
 				if (isset($_REQUEST['database']) && $exclude_from != 'database') {
-					$href .= '&amp;database=' . urlencode($_REQUEST['database']);
+					$href .= '&database=' . urlencode($_REQUEST['database']);
 					if (isset($_REQUEST['schema']) && $exclude_from != 'schema') {
-						$href .= '&amp;schema=' . urlencode($_REQUEST['schema']);
+						$href .= '&schema=' . urlencode($_REQUEST['schema']);
 					}
 				}
 			}
-			return $href;
+			return htmlentities($href);
 		}
 
 		/**