XSS in Tracking page

Herman van Rink
2011-05-20 12:41:33 -04:00
committed by Marc Delisle
parent b7a8179eb6
commit d3ccf798fd


@@ -632,7 +632,7 @@ if ($last_version > 0) {
<div id="div_deactivate_tracking"> <div id="div_deactivate_tracking">
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>"> <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<fieldset> <fieldset>
<legend><?php printf(__('Deactivate tracking for %s.%s'), $GLOBALS['db'], $GLOBALS['table']); ?></legend> <legend><?php printf(__('Deactivate tracking for %s.%s'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo $last_version; ?>" /> <input type="hidden" name="version" value="<?php echo $last_version; ?>" />
<input type="submit" name="submit_deactivate_now" value="<?php echo __('Deactivate now'); ?>" /> <input type="submit" name="submit_deactivate_now" value="<?php echo __('Deactivate now'); ?>" />
</fieldset> </fieldset>
@@ -645,7 +645,7 @@ if ($last_version > 0) {
<div id="div_activate_tracking"> <div id="div_activate_tracking">
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>"> <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<fieldset> <fieldset>
<legend><?php printf(__('Activate tracking for %s.%s'), $GLOBALS['db'], $GLOBALS['table']); ?></legend> <legend><?php printf(__('Activate tracking for %s.%s'), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo $last_version; ?>" /> <input type="hidden" name="version" value="<?php echo $last_version; ?>" />
<input type="submit" name="submit_activate_now" value="<?php echo __('Activate now'); ?>" /> <input type="submit" name="submit_activate_now" value="<?php echo __('Activate now'); ?>" />
</fieldset> </fieldset>
@@ -660,7 +660,7 @@ if ($last_version > 0) {
<form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>"> <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>">
<?php echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']); ?> <?php echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']); ?>
<fieldset> <fieldset>
<legend><?php printf(__('Create version %s of %s.%s'), ($last_version + 1), $GLOBALS['db'], $GLOBALS['table']); ?></legend> <legend><?php printf(__('Create version %s of %s.%s'), ($last_version + 1), htmlspecialchars($GLOBALS['db']), htmlspecialchars($GLOBALS['table'])); ?></legend>
<input type="hidden" name="version" value="<?php echo ($last_version + 1); ?>" /> <input type="hidden" name="version" value="<?php echo ($last_version + 1); ?>" />