From 242e2351c19bc332a07ae7f6a6d6c8229366c098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Fri, 3 Sep 2004 12:10:07 +0000 Subject: [PATCH] Escape theme names (bug #1016608). --- ChangeLog | 1 + main.php | 2 +- themes.php | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5e8610c73..ad942767a 100755 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ $Source$ #1013787). * libraries/display_export.lib.php: Updated texts to fit Excel 2003 behaviour (bug #1018457). + * main.php, themes.php: Escape theme names (bug #1016608). 2004-09-01 Marc Delisle * libraries/auth/cookie.auth.lib.php: bug 939531: when people upgrade diff --git a/main.php b/main.php index 96c489cf7..98f73b04a 100644 --- a/main.php +++ b/main.php @@ -631,7 +631,7 @@ if (isset($available_themes_choices) && $available_themes_choices > 1) { if ($cur_theme == $theme) { echo ' selected="selected"'; } - echo '>' . $available_themes_choices_names[$cur_theme] . ''; + echo '>' . htmlspecialchars($available_themes_choices_names[$cur_theme]) . ''; } ?> diff --git a/themes.php b/themes.php index ae85f1a69..a210a6743 100644 --- a/themes.php +++ b/themes.php @@ -106,7 +106,7 @@ if ($handleThemes = opendir($path_to_themes)) { // open themes ' . $theme_name . ''; + echo '' . htmlspecialchars($theme_name) . ''; ?> @@ -119,17 +119,17 @@ if ($handleThemes = opendir($path_to_themes)) { // open themes if (document.getElementById) { document.write('style="border: 1px solid #000000;" '); } - document.write('alt=" - Theme" '); - document.write('title=" - Theme" />'); + document.write('alt=" - Theme" '); + document.write('title=" - Theme" />'); document.write('
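Review bot: The `htmlspecialchars()` call added in main.php covers only the option's label; the opening of the option element is emitted above this hunk, and if it writes `$cur_theme` into the `value` attribute, that value presumably needs the same treatment, e.g. `htmlspecialchars($cur_theme)`. Here and in the first themes.php hunk the call relies on the default quote style, which leaves single quotes unescaped; that is adequate for element text but not for a single-quoted attribute, so a short comment such as `// HTML text context only: default htmlspecialchars() flags do not escape single quotes` would keep the pattern from being copied into attributes. The loop body starts outside the hunk, so the `value` output could not be checked from this page.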
'); document.write('[ '); - document.write(''); + document.write(''); document.write(' ]'); //-->
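Review bot: The theme name in the `document.write('alt=" - Theme" ')` and `title` lines sits inside a single-quoted JavaScript string, and HTML escaping alone does not cover that context: with its default flags `htmlspecialchars()` leaves `'` and `\` untouched, so a theme directory name containing either can end the string literal early. The embedded PHP on these lines was lost in this rendering, so this assumes the added lines use the same bare `htmlspecialchars($theme_name)` as the echo in the previous hunk. Escape for both layers, HTML first and then the JavaScript literal, for example `addslashes(htmlspecialchars($theme_name, ENT_QUOTES))`, or skip directories under `$path_to_themes` whose names fall outside a conservative character set. The script block starts above this hunk.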