Avoid XSS on HTTP_HOST.

2005-11-21 12:46:10 +00:00
parent bee36e92a8
commit 0f8da57b54
2 changed files with 3 additions and 2 deletions
--- a/1
+++ b/1
@@ -15,6 +15,7 @@ $Source$
    * main.php, libraries/select_server.lib.php,
      libraries/auth/cookie.auth.lib.php: Escape verbose server name (bug
      #1362671).
+    * index.php: Avoid XSS on HTTP_HOST.

 2005-11-20 Marc Delisle  <lem9@users.sourceforge.net>
    ### 2.7.0-rc1 released
--- a/index.php
+++ b/index.php
@@ -129,7 +129,7 @@ header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
 <head>
 <link rel="icon" href="./favicon.ico" type="image/x-icon" />
 <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
-<title>phpMyAdmin <?php echo PMA_VERSION; ?> - <?php echo $HTTP_HOST; ?></title>
+<title>phpMyAdmin <?php echo PMA_VERSION; ?> - <?php echo htmlspecialchars($HTTP_HOST); ?></title>
 <meta http-equiv="Content-Type"
    content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
 <script type="text/javascript" language="javascript">
@@ -164,4 +164,4 @@ header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
        </body>
    </noframes>
 </frameset>
-</html>
+</html>