File mysql-5.0.67-CVE-2008-4456.patch of Package mysql
Index: client/mysql.cc
===================================================================
--- client/mysql.cc.orig
+++ client/mysql.cc
@@ -3361,9 +3361,12 @@ print_table_data_html(MYSQL_RES *result)
{
while((field = mysql_fetch_field(result)))
{
- tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ?
- (field->name[0] ? field->name :
- " ") : "NULL"));
+ tee_fputs("<TH>", PAGER);
+ if (field->name && field->name[0])
+ xmlencode_print(field->name, field->name_length);
+ else
+ tee_fputs(field->name ? " " : "NULL", PAGER);
+ tee_fputs("</TH>", PAGER);
}
(void) tee_fputs("</TR>", PAGER);
}
@@ -3374,7 +3377,7 @@ print_table_data_html(MYSQL_RES *result)
for (uint i=0; i < mysql_num_fields(result); i++)
{
(void) tee_fputs("<TD>", PAGER);
- safe_put_field(cur[i],lengths[i]);
+ xmlencode_print(cur[i], lengths[i]);
(void) tee_fputs("</TD>", PAGER);
}
(void) tee_fputs("</TR>", PAGER);
Index: mysql-test/r/mysql.result
===================================================================
--- mysql-test/r/mysql.result.orig
+++ mysql-test/r/mysql.result
@@ -180,4 +180,5 @@ ERROR at line 1: DELIMITER cannot contai
1
This is a file starting with UTF8 BOM 0xEFBBBF
This is a file starting with UTF8 BOM 0xEFBBBF
+<TABLE BORDER=1><TR><TH><</TH></TR><TR><TD>< & ></TD></TR></TABLE>
End of 5.0 tests
Index: mysql-test/t/mysql.test
===================================================================
--- mysql-test/t/mysql.test.orig
+++ mysql-test/t/mysql.test
@@ -290,4 +290,11 @@ EOF
--exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug29323.sql 2>&1
remove_file $MYSQLTEST_VARDIR/tmp/bug29323.sql;
+#
+# Bug #27884: mysql --html does not quote HTML special characters in output
+#
+--exec $MYSQL --html test -e "select '< & >' as \`<\`"
+
+--echo
+
--echo End of 5.0 tests
