From 0933619b6b2534b221817ea3f631cb984c258d6b Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Fri, 17 Mar 2006 01:26:17 +0000
Subject: [PATCH] XSS vulnerability

---
 ChangeLog | 1 +
 libraries/Theme_Manager.class.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7b55d0b7b..94bface6e 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ $Source$
 2006-03-16 Marc Delisle
 * libraries/display_tbl.lib.php: undefined variable when a BLOB is NULL
+ * libraries/Theme_Manager.class.php: XSS vulnerability
 2006-03-16 Michal Čihař
 * libraries/select_server.lib.php: Move end of fieldset to correct place
diff --git a/libraries/Theme_Manager.class.php b/libraries/Theme_Manager.class.php
index e8ca4dbd6..f5b8515ed 100644
--- a/libraries/Theme_Manager.class.php
+++ b/libraries/Theme_Manager.class.php
@@ -80,9 +80,9 @@ class PMA_Theme_Manager {
 {
 if ( ! $this->checkTheme($theme)) {
 $GLOBALS['PMA_errors'][] = sprintf($GLOBALS['strThemeNotFound'],
- $theme);
+ PMA_sanitize($theme));
 trigger_error(
- sprintf($GLOBALS['strThemeNotFound'], $theme),
+ sprintf($GLOBALS['strThemeNotFound'], PMA_sanitize($theme)),
 E_USER_WARNING);
 return false;
 }
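Review bot: `PMA_sanitize()` is the handler for the project's own message markup rather than a plain escaper, so applying it to the user-supplied `$theme` value in the two changed lines treats attacker-controlled data like a trusted message template; if it also leaves quotes unencoded, the result is only safe in element text, not inside an attribute. Escaping the value itself with `htmlspecialchars($theme, ENT_QUOTES)` and keeping `PMA_sanitize()`, if it is needed at all, for the translated template is the narrower fix. The identical message is also built twice, so building it once keeps the two call sites from drifting: `$message = sprintf($GLOBALS['strThemeNotFound'], htmlspecialchars($theme, ENT_QUOTES));` then `$GLOBALS['PMA_errors'][] = $message;` and `trigger_error($message, E_USER_WARNING);`. Note that trigger_error() also routes the message to the PHP error log, where the HTML-encoded form will appear. The enclosing method's signature lies above the hunk, and any other use of `$theme` outside the hunk is not covered by this change.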