blob: 1c00ea59f65f85c08e60f3d388dca8b8836b6486 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
When using the commandline client and --html, HTML entities are not encoded,
leading to a potential XSS.
This is the testcase portion from the original patch, ported to 5.0.72.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Patch-URL: http://bugs.mysql.com/file.php?id=9232
MySQL-Bug: 27884
MySQL-Bug-URL: http://bugs.mysql.com/bug.php?id=27884
Gentoo-Bug: 240407
Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=240407
diff -Nuar --exclude '*.orig' --exclude '*.rej' mysql-5.0.83.orig/mysql-test/r/mysql.result mysql-5.0.83/mysql-test/r/mysql.result
--- mysql-5.0.83.orig/mysql-test/r/mysql.result 2009-05-29 12:13:30.000000000 -0700
+++ mysql-5.0.83/mysql-test/r/mysql.result 2009-07-06 02:09:05.487492424 -0700
@@ -186,6 +186,7 @@
2
2
2
+<TABLE BORDER=1><TR><TH><</TH></TR><TR><TD>< & ></TD></TR></TABLE>
@z:='1' @z=database()
1 NULL
1
diff -Nuar --exclude '*.orig' --exclude '*.rej' mysql-5.0.83.orig/mysql-test/t/mysql.test mysql-5.0.83/mysql-test/t/mysql.test
--- mysql-5.0.83.orig/mysql-test/t/mysql.test 2009-05-29 12:13:00.000000000 -0700
+++ mysql-5.0.83/mysql-test/t/mysql.test 2009-07-06 02:12:42.927788472 -0700
@@ -320,6 +320,12 @@
remove_file $MYSQLTEST_VARDIR/tmp/bug38158.sql;
#
+# Bug #27884: mysql-5.0.83 --html does not quote HTML special characters in output
+#
+--exec $MYSQL --html test -e "select '< & >' as \`<\`"
+--echo
+
+#
# Bug #41437: Value stored in 'case' lacks charset, causees segfault
#
--exec $MYSQL -e "select @z:='1',@z=database()"
|