Slightly far fetched XSS prevention

2011-08-19 11:01:45 +02:00
parent 4e5c583dcf
commit f00c57bdf3
1 changed files with 5 additions and 5 deletions
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -423,8 +423,8 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
        ?>
                <tr class="noclick <?php echo $style; ?>">
                    <td><small><?php echo $i;?></small></td>
-                    <td><small><?php echo $entry['date'];?></small></td>
+                    <td><small><?php echo htmlspecialchars($entry['date']);?></small></td>
-                    <td><small><?php echo $entry['username']; ?></small></td>
+                    <td><small><?php echo htmlspecialchars($entry['username']); ?></small></td>
                    <td><?php echo $statement; ?></td>
                </tr>
        <?php
@@ -613,9 +613,9 @@ if ($last_version > 0) {
        <tr class="noclick <?php echo $style;?>">
            <td><?php echo htmlspecialchars($version['db_name']);?></td>
            <td><?php echo htmlspecialchars($version['table_name']);?></td>
-            <td><?php echo $version['version'];?></td>
+            <td><?php echo htmlspecialchars($version['version']);?></td>
-            <td><?php echo $version['date_created'];?></td>
+            <td><?php echo htmlspecialchars($version['date_created']);?></td>
-            <td><?php echo $version['date_updated'];?></td>
+            <td><?php echo htmlspecialchars($version['date_updated']);?></td>
            <td><?php echo $version_status;?></td>
            <td> <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $version['version'])
 );?>"><?php echo __('Tracking report');?></a>