1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
$NetBSD: patch-bh,v 1.3 2009/01/28 09:44:34 he Exp $
What was here before: workaround for our use of -ledit instead
of the real readline (?).
New: add patch from http://bugs.mysql.com/file.php?id=9232,
referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
vulnerability recorded in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
--- client/mysql.cc.orig 2008-08-04 12:19:04.000000000 +0000
+++ client/mysql.cc
@@ -2263,7 +2263,11 @@ static char **new_mysql_completion (cons
*/
#if defined(USE_NEW_READLINE_INTERFACE) || defined(USE_LIBEDIT_INTERFACE)
+# if defined(__NetBSD__) || defined(__DragonFly__)
+int no_completion(const char *, int)
+# else
char *no_completion(const char*,int)
+# endif
#else
char *no_completion()
#endif
@@ -3361,9 +3365,12 @@ print_table_data_html(MYSQL_RES *result)
{
while((field = mysql_fetch_field(result)))
{
- tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ?
- (field->name[0] ? field->name :
- " ") : "NULL"));
+ tee_fputs("<TH>", PAGER);
+ if (field->name && field->name[0])
+ xmlencode_print(field->name, field->name_length);
+ else
+ tee_fputs(field->name ? " " : "NULL", PAGER);
+ tee_fputs("</TH>", PAGER);
}
(void) tee_fputs("</TR>", PAGER);
}
@@ -3374,7 +3381,7 @@ print_table_data_html(MYSQL_RES *result)
for (uint i=0; i < mysql_num_fields(result); i++)
{
(void) tee_fputs("<TD>", PAGER);
- safe_put_field(cur[i],lengths[i]);
+ xmlencode_print(cur[i], lengths[i]);
(void) tee_fputs("</TD>", PAGER);
}
(void) tee_fputs("</TR>", PAGER);
|