Escape special chars when displaying filename template cookies.

2009-03-24 08:55:07 +00:00
parent e67226a446
commit 184934bb10
1 changed files with 3 additions and 3 deletions
--- a/libraries/display_export.lib.php
+++ b/libraries/display_export.lib.php
@@ -173,19 +173,19 @@ echo PMA_pluginGetJavascript($export_list);
        echo ' value="';
        if ($export_type == 'database') {
            if (isset($_COOKIE) && !empty($_COOKIE['pma_db_filename_template'])) {
-                echo $_COOKIE['pma_db_filename_template'];
+                echo htmlspecialchars($_COOKIE['pma_db_filename_template']);
            } else {
                echo $GLOBALS['cfg']['Export']['file_template_database'];
            }
        } elseif ($export_type == 'table') {
            if (isset($_COOKIE) && !empty($_COOKIE['pma_table_filename_template'])) {
-                echo $_COOKIE['pma_table_filename_template'];
+                echo htmlspecialchars($_COOKIE['pma_table_filename_template']);
            } else {
                echo $GLOBALS['cfg']['Export']['file_template_table'];
            }
        } else {
            if (isset($_COOKIE) && !empty($_COOKIE['pma_server_filename_template'])) {
-                echo $_COOKIE['pma_server_filename_template'];
+                echo htmlspecialchars($_COOKIE['pma_server_filename_template']);
            } else {
                echo $GLOBALS['cfg']['Export']['file_template_server'];
            }