From 26c46c19dc5544f852d411661a3cfe37e175ebef Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 24 Jun 2008 17:33:50 +0000 Subject: [PATCH] bug #1989813 [interface] Deleting multiple views (space in name) --- ChangeLog | 1 + libraries/mult_submits.inc.php | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 01a98b37dd..2bd9ff055b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - bug [XHTML] problem with tabindex and radio fields - bug #1971221 [interface] tabindex not set correctly - bug [views] VIEW name created via the GUI was not protected with backquotes +- bug #1989813 [interface] Deleting multiple views (space in name) 2.11.7.0 (2008-06-23) - bug #1908719 [interface] New field cannot be auto-increment and primary key diff --git a/libraries/mult_submits.inc.php b/libraries/mult_submits.inc.php index b9cff104d8..fdd16df945 100644 --- a/libraries/mult_submits.inc.php +++ b/libraries/mult_submits.inc.php @@ -160,7 +160,9 @@ if (!empty($submit_mult) && !empty($what)) { case 'drop_tbl': $current = urldecode($sval); - if (!empty($views) && in_array($current, $views)) { + // here we must compare with the value before urldecode() + // because $views has been treated with htmlspecialchars() + if (!empty($views) && in_array($sval, $views)) { $full_query_views .= (empty($full_query_views) ? 'DROP VIEW ' : ', ') . PMA_backquote(htmlspecialchars($current)); } else { @@ -322,7 +324,9 @@ elseif ($mult_btn == $strYes) { case 'drop_tbl': PMA_relationsCleanupTable($db, $selected[$i]); $current = urldecode($selected[$i]); - if (!empty($views) && in_array($current, $views)) { + // here we must compare with the value before urldecode() + // because $views has been treated with htmlspecialchars() + if (!empty($views) && in_array($selected[$i], $views)) { $sql_query_views .= (empty($sql_query_views) ? 'DROP VIEW ' : ', ') . PMA_backquote($current); } else { -- 2.11.4.GIT