Avoid XSS on HTTP_HOST.

Michal Čihař
2005-11-21 12:46:10 +00:00
parent bee36e92a8
commit 0f8da57b54
2 changed files with 3 additions and 2 deletions


@@ -15,6 +15,7 @@ $Source$
* main.php, libraries/select_server.lib.php, * main.php, libraries/select_server.lib.php,
libraries/auth/cookie.auth.lib.php: Escape verbose server name (bug libraries/auth/cookie.auth.lib.php: Escape verbose server name (bug
#1362671). #1362671).
* index.php: Avoid XSS on HTTP_HOST.
2005-11-20 Marc Delisle <lem9@users.sourceforge.net> 2005-11-20 Marc Delisle <lem9@users.sourceforge.net>
### 2.7.0-rc1 released ### 2.7.0-rc1 released


@@ -129,7 +129,7 @@ header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
<head> <head>
<link rel="icon" href="./favicon.ico" type="image/x-icon" /> <link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<title>phpMyAdmin <?php echo PMA_VERSION; ?> - <?php echo $HTTP_HOST; ?></title> <title>phpMyAdmin <?php echo PMA_VERSION; ?> - <?php echo htmlspecialchars($HTTP_HOST); ?></title>
<meta http-equiv="Content-Type" <meta http-equiv="Content-Type"
content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" /> content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
<script type="text/javascript" language="javascript"> <script type="text/javascript" language="javascript">
@@ -164,4 +164,4 @@ header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
</body> </body>
</noframes> </noframes>
</frameset> </frameset>
</html> </html>
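Review bot: The escaping in the `<title>` line covers only this one echo, while `$HTTP_HOST` is taken from the client's Host header and may be printed elsewhere in index.php outside the visible hunks; those uses should be checked in the same commit. The `<script>` block that opens just below the title is the place to look first, because `htmlspecialchars()` is the right encoding for element content but not for a JavaScript string, if the value is used there. I would also pass the quote flag so the call stays safe if the value is later moved into an attribute: `<?php echo htmlspecialchars($HTTP_HOST, ENT_QUOTES); ?>`. A short comment next to it, such as `// HTTP_HOST comes from the request; escape on every output`, would keep the reason visible to the next editor.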