Escape theme names (bug #1016608).

Michal Čihař
2004-09-03 12:10:07 +00:00
parent 09a20e6dfc
commit 242e2351c1
3 changed files with 7 additions and 6 deletions


@@ -10,6 +10,7 @@ $Source$
#1013787). #1013787).
* libraries/display_export.lib.php: Updated texts to fit Excel 2003 * libraries/display_export.lib.php: Updated texts to fit Excel 2003
behaviour (bug #1018457). behaviour (bug #1018457).
* main.php, themes.php: Escape theme names (bug #1016608).
2004-09-01 Marc Delisle <lem9@users.sourceforge.net> 2004-09-01 Marc Delisle <lem9@users.sourceforge.net>
* libraries/auth/cookie.auth.lib.php: bug 939531: when people upgrade * libraries/auth/cookie.auth.lib.php: bug 939531: when people upgrade


@@ -631,7 +631,7 @@ if (isset($available_themes_choices) && $available_themes_choices > 1) {
if ($cur_theme == $theme) { if ($cur_theme == $theme) {
echo ' selected="selected"'; echo ' selected="selected"';
} }
echo '>' . $available_themes_choices_names[$cur_theme] . '</option>'; echo '>' . htmlspecialchars($available_themes_choices_names[$cur_theme]) . '</option>';
} }
?> ?>
</select> </select>
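Review bot: Only the option label is escaped in this hunk; the opening `<option value=...` is written above it and is not visible, so it is worth confirming that `$cur_theme` goes through `htmlspecialchars()` there too, since an attribute value needs it at least as much as element text does. The comparison `$cur_theme == $theme` on the first context line is loose, so two numeric-looking theme keys could both be marked selected; `if ($cur_theme === $theme) {` avoids that if both are always strings. The enclosing loop starts and ends outside the hunk.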


@@ -106,7 +106,7 @@ if ($handleThemes = opendir($path_to_themes)) { // open themes
<tr> <tr>
<th align="left"> <th align="left">
<?php <?php
echo '<b>' . $theme_name . '</b>'; echo '<b>' . htmlspecialchars($theme_name) . '</b>';
?> ?>
</th> </th>
</tr> </tr>
@@ -119,17 +119,17 @@ if ($handleThemes = opendir($path_to_themes)) { // open themes
if (document.getElementById) { if (document.getElementById) {
document.write('style="border: 1px solid #000000;" '); document.write('style="border: 1px solid #000000;" ');
} }
document.write('alt="<?php echo $theme_name; ?> - Theme" '); document.write('alt="<?php echo htmlspecialchars(addslashes($theme_name)); ?> - Theme" ');
document.write('title="<?php echo $theme_name; ?> - Theme" />'); document.write('title="<?php echo htmlspecialchars(addslashes($theme_name)); ?> - Theme" />');
document.write('</a><br />'); document.write('</a><br />');
document.write('[ <b><a href="#top" onclick="takeThis(\'<?php echo $PMA_Theme; ?>\'); return false;">'); document.write('[ <b><a href="#top" onclick="takeThis(\'<?php echo $PMA_Theme; ?>\'); return false;">');
document.write('<?php echo (isset($strTakeIt) ? addslashes($strTakeIt) : 'take it'); ?>'); document.write('<?php echo addslashes($strTakeIt); ?>');
document.write('</a></b> ]'); document.write('</a></b> ]');
//--> //-->
</script> </script>
<noscript> <noscript>
<?php <?php
echo '<img src="' . $screen_directory . '/screen.png" border="1" alt="' . $theme_name . ' - Theme" />'; echo '<img src="' . $screen_directory . '/screen.png" border="1" alt="' . htmlspecialchars($theme_name) . ' - Theme" />';
?> ?>
</noscript> </noscript>
</td> </td>
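Review bot: In the second hunk `$PMA_Theme` is still echoed raw into `onclick="takeThis(\'...\')"`, and `$screen_directory` raw into the `src` attribute of the noscript image, while only `$theme_name` gets escaped. The `takeThis` argument sits in a JavaScript string inside an HTML attribute inside another JavaScript string, so a single `htmlspecialchars(addslashes(...))` would not cover a quote in the directory name. It looks simpler to reject unusual names before any output, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $PMA_Theme)) { continue; }` at the top of the directory loop, assuming `$PMA_Theme` is the directory entry (the loop starts outside the hunk). Separately, the new `addslashes($strTakeIt)` drops the `isset()` fallback, and the string is written into HTML without `htmlspecialchars()`. Note too that `addslashes()` leaves newlines alone, so a theme name containing one would break the script string in the `alt`/`title` lines.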