From 7553544cd1c1c95ea7bcd29f4cafdc427a85a9f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <mcihar@suse.cz>
Date: Wed, 14 Mar 2012 17:16:55 +0100
Subject: [PATCH] Escape version before printing

---
 tbl_tracking.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tbl_tracking.php b/tbl_tracking.php
index 96d502418..36496e880 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -180,7 +180,7 @@ if (isset($_REQUEST['submit_create_version'])) {
     $tracking_set = rtrim($tracking_set, ',');
 
     if (PMA_Tracker::createVersion($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'], $tracking_set )) {
-        $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), $_REQUEST['version'], htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])));
+        $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), htmlspecialchars($_REQUEST['version']), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])));
         $msg->display();
     }
 }
@@ -188,7 +188,7 @@ if (isset($_REQUEST['submit_create_version'])) {
 // Deactivate tracking
 if (isset($_REQUEST['submit_deactivate_now'])) {
     if (PMA_Tracker::deactivateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) {
-        $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), $_REQUEST['version']));
+        $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), htmlspecialchars($_REQUEST['version'])));
         $msg->display();
     }
 }
@@ -196,7 +196,7 @@ if (isset($_REQUEST['submit_deactivate_now'])) {
 // Activate tracking
 if (isset($_REQUEST['submit_activate_now'])) {
     if (PMA_Tracker::activateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) {
-        $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), $_REQUEST['version']));
+        $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table']), htmlspecialchars($_REQUEST['version'])));
         $msg->display();
     }
 }
@@ -254,7 +254,7 @@ if (isset($_REQUEST['snapshot'])) {
         $drop_create_statements .= $data['ddlog'][1]['statement'];
     }
     // Print SQL code
-    PMA_showMessage(sprintf(__('Version %s snapshot (SQL code)'), $_REQUEST['version']), $drop_create_statements);
+    PMA_showMessage(sprintf(__('Version %s snapshot (SQL code)'), htmlspecialchars($_REQUEST['version'])), $drop_create_statements);
 
     // Unserialize snapshot
     $temp = unserialize($data['schema_snapshot']);