From 184934bb10bbe9c9dcc3fe35cf2760029d1974ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Tue, 24 Mar 2009 08:55:07 +0000
Subject: [PATCH] Escape special chars when displaying filename template
 cookies.

---
 libraries/display_export.lib.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libraries/display_export.lib.php b/libraries/display_export.lib.php
index ad07a404b..e3b533613 100644
--- a/libraries/display_export.lib.php
+++ b/libraries/display_export.lib.php
@@ -173,19 +173,19 @@ echo PMA_pluginGetJavascript($export_list);
         echo ' value="';
         if ($export_type == 'database') {
             if (isset($_COOKIE) && !empty($_COOKIE['pma_db_filename_template'])) {
-                echo $_COOKIE['pma_db_filename_template'];
+                echo htmlspecialchars($_COOKIE['pma_db_filename_template']);
             } else {
                 echo $GLOBALS['cfg']['Export']['file_template_database'];
             }
         } elseif ($export_type == 'table') {
             if (isset($_COOKIE) && !empty($_COOKIE['pma_table_filename_template'])) {
-                echo $_COOKIE['pma_table_filename_template'];
+                echo htmlspecialchars($_COOKIE['pma_table_filename_template']);
             } else {
                 echo $GLOBALS['cfg']['Export']['file_template_table'];
             }
         } else {
             if (isset($_COOKIE) && !empty($_COOKIE['pma_server_filename_template'])) {
-                echo $_COOKIE['pma_server_filename_template'];
+                echo htmlspecialchars($_COOKIE['pma_server_filename_template']);
             } else {
                 echo $GLOBALS['cfg']['Export']['file_template_server'];
             }