XSS vulnerability

2006-03-17 01:26:17 +00:00
parent b628fcc8a9
commit 0933619b6b
2 changed files with 3 additions and 2 deletions
--- a/1
+++ b/1
@@ -7,6 +7,7 @@ $Source$

 2006-03-16 Marc Delisle  <lem9@users.sourceforge.net>
    * libraries/display_tbl.lib.php: undefined variable when a BLOB is NULL
+    * libraries/Theme_Manager.class.php: XSS vulnerability

 2006-03-16 Michal Čihař  <michal@cihar.com>
    * libraries/select_server.lib.php: Move end of fieldset to correct place
--- a/libraries/Theme_Manager.class.php
+++ b/libraries/Theme_Manager.class.php
@@ -80,9 +80,9 @@ class PMA_Theme_Manager {
    {
        if ( ! $this->checkTheme($theme)) {
            $GLOBALS['PMA_errors'][] = sprintf($GLOBALS['strThemeNotFound'],
-                $theme);
+                PMA_sanitize($theme));
            trigger_error(
-                sprintf($GLOBALS['strThemeNotFound'], $theme),
+                sprintf($GLOBALS['strThemeNotFound'], PMA_sanitize($theme)),
                E_USER_WARNING);
            return false;
        }