From e8d03b498ab117591104e55a779fdfe63b06ebd4 Mon Sep 17 00:00:00 2001
From: Alex Dehnert
Date: Thu, 7 Apr 2011 00:42:04 +0000
Subject: [PATCH] Fix XSS vulnerabilities
git-svn-id: svn://sql.mit.edu/sql@191 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
 lib/proc.lib.php | 4 ++--
 tpl/main.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/proc.lib.php b/lib/proc.lib.php
index 865d498..2a07094 100644
--- a/lib/proc.lib.php
+++ b/lib/proc.lib.php
@@ -27,7 +27,7 @@ class proc {
 $err1[] = 'Database already exists.';
 }
 } else {
- $msg1[] = 'Database `'.$dbname.'` created.';
+ $msg1[] = 'Database `'.htmlentities($dbname).'` created.';
 }
 $i_newdb = $dbname;
 return array($msg1, $err1);
@@ -37,7 +37,7 @@ class proc {
 $dropdbs = array_keys($i_drop);
 foreach($dropdbs as $dbname) {
 if ($User->delDB($dbname)) {
- $msg1[] = 'Database `'.$dbname.'` dropped.';
+ $msg1[] = 'Database `'.htmlentities($dbname).'` dropped.';
 } else {
 $err1[] = mysql_error();
 }
diff --git a/tpl/main.php b/tpl/main.php
index aa02cef..89b0432 100644
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -6,7 +6,7 @@ if (isset($i_dropask)) {
 $dropdbs = array_keys($i_dropask);
 echo '
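Review bot: `htmlentities($dbname)` on the added line is called with no flags and no charset, so under the default ENT_COMPAT it leaves single quotes unencoded and relies on the interpreter's default charset; the result is safe as element text but not inside a single-quoted attribute, and a multibyte name can be mangled if the page is UTF-8 while the default is Latin-1. Prefer `htmlentities($dbname, ENT_QUOTES, 'UTF-8')` (or `htmlspecialchars` with the same arguments) here, on the `dropped.` line in the next hunk, and on the confirmation message in tpl/main.php. Encoding at the point the message is built also ties `$msg1` to an HTML sink; if these strings are ever emitted in a non-HTML context they would be double-encoded, so escaping in the template at output time would be the more robust placement. The enclosing method of class proc begins before this hunk.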
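Review bot: The failure branch of this hunk still appends `mysql_error()` to `$err1` unencoded, while only the success message on the added line is now escaped; MySQL error text for a failed drop typically echoes the database name, so the same caller-supplied value can still reach the page through the error path. If `$err1` is rendered the same way as `$msg1`, encode it too, e.g. `$err1[] = htmlentities(mysql_error(), ENT_QUOTES, 'UTF-8');`, or better, encode both arrays once in the template at output time. The enclosing method begins before this hunk, so any other `$err1` assignments in it could not be checked here.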
'; foreach($dropdbs as $dbname) { - $msg1[] = 'Are you sure you want to drop `'.$dbname.'`? '; + $msg1[] = 'Are you sure you want to drop `'.htmlentities($dbname).'`? '; } echo '
'; } @@ -35,7 +35,7 @@ if (isset($i_dropask)) { else $percentage = 0; echo printBar($percentage, $db['Name'], str_replace(' ', ' ', sprintSize($db['nBytes']))); echo ''; - echo ''; + echo ''; echo ''; } if ($total>0) { -- 2.45.0
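Review bot: The context line `echo printBar($percentage, $db['Name'], ...)` still hands `$db['Name']` to printBar unencoded, while the commit only escapes the same name inside the `$msg1` messages; unless printBar escapes its arguments internally, which is not visible here, the listing keeps the exposure the commit set out to close. Either encode at the call site, `printBar($percentage, htmlentities($db['Name'], ENT_QUOTES, 'UTF-8'), ...)`, or confirm that printBar escapes and note it in a comment above the call. The changed `echo` lines of this hunk are not legible in this copy of the patch (their markup was stripped), so the actual change here could not be reviewed. The loop closed by the `}` before `if ($total>0)` appears to begin before this hunk.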