File: 081-CVE-2009-3696.patch

phpmyadmin 4%3A2.9.1.1-13
  • area: main
  • in suites: etch
diff -Nur a/db_operations.php b/db_operations.php
--- a/db_operations.php	2006-11-19 01:28:45.000000000 +0100
+++ b/db_operations.php	2009-10-24 14:45:11.000000000 +0200
@@ -403,7 +403,7 @@
         <?php
         while ($pages = @PMA_DBI_fetch_assoc($test_rs)) {
             echo '                <option value="' . $pages['page_nr'] . '">'
-                . $pages['page_nr'] . ': ' . $pages['page_descr'] . '</option>' . "\n";
+                . $pages['page_nr'] . ': ' . htmlspecialchars($pages['page_descr']) . '</option>' . "\n";
         } // end while
         PMA_DBI_free_result($test_rs);
         unset($test_rs);
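Review bot: `$pages['page_nr']` is still written unescaped, both into the `value="…"` attribute and into the option text, while only `page_descr` is passed through `htmlspecialchars()`. If that column is guaranteed to be numeric this is harmless, but nothing in the hunk shows it; casting at the point of output, e.g. `(int) $pages['page_nr']`, or escaping it as well makes the line safe regardless of the schema. The same applies to `$curr_page['page_nr']` in the pdf_pages.php hunk at -271. The enclosing block starts and ends outside this hunk.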
diff -Nur a/pdf_pages.php b/pdf_pages.php
--- a/pdf_pages.php	2006-11-19 01:28:45.000000000 +0100
+++ b/pdf_pages.php	2009-10-24 14:44:44.000000000 +0200
@@ -271,7 +271,7 @@
             if (isset($chpage) && $chpage == $curr_page['page_nr']) {
                 echo ' selected="selected"';
             }
-            echo '>' . $curr_page['page_nr'] . ': ' . $curr_page['page_descr'] . '</option>';
+            echo '>' . $curr_page['page_nr'] . ': ' . htmlspecialchars($curr_page['page_descr']) . '</option>';
         } // end while
         echo "\n";
         ?>
@@ -424,12 +424,12 @@
             echo "\n" . '        <td>'
                  . "\n" . '            <select name="c_table_' . $i . '[name]">';
             foreach ($selectboxall AS $key => $value) {
-                echo "\n" . '                <option value="' . $value . '"';
+                echo "\n" . '                <option value="' . htmlspecialchars($value) . '"';
                 if ($value == $sh_page['table_name']) {
                     echo ' selected="selected"';
                     $tabExist[$_mtab] = TRUE;
                 }
-                echo '>' . $value . '</option>';
+                echo '>' . htmlspecialchars($value) . '</option>';
             } // end while
             echo "\n" . '            </select>'
                  . "\n" . '        </td>';
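Review bot: `htmlspecialchars($value)` is now evaluated twice per loop iteration here, and twice on one line in the hunk at -457; escaping once, `$value_html = htmlspecialchars($value);`, and echoing `$value_html` in both positions keeps the attribute and the text in step. The comparison with `$sh_page['table_name']` should keep using the raw `$value`. The calls rely on the default flags and charset: the default quote handling covers these double-quoted attributes, but whether the default charset matches the page encoding is not visible from the hunk and is worth confirming. The loop sits in a block that begins outside the hunk.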
@@ -457,7 +457,7 @@
         echo "\n" . '        <td>'
              . "\n" . '            <select name="c_table_' . $i . '[name]">';
         foreach ($selectboxall AS $key => $value) {
-            echo "\n" . '                <option value="' . $value . '">' . $value . '</option>';
+            echo "\n" . '                <option value="' . htmlspecialchars($value) . '">' . htmlspecialchars($value) . '</option>';
         }
         echo "\n" . '            </select>'
              . "\n" . '        </td>';
@@ -488,8 +488,8 @@
     if (!empty($tabExist) && is_array($tabExist)) {
         foreach ($tabExist AS $key => $value) {
             if (!$value) {
-                $_strtrans  .= '<input type="hidden" name="delrow[]" value="' . $key . '" />' . "\n";
-                $_strname   .= '<li>' . $key . '</li>' . "\n";
+                $_strtrans  .= '<input type="hidden" name="delrow[]" value="' . htmlspecialchars($key) . '" />' . "\n";
+                $_strname   .= '<li>' . htmlspecialchars($key) . '</li>' . "\n";
                 $shoot       = TRUE;
             }
         }
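Review bot: Escaping `$key` in the hidden `delrow[]` field protects only the rendered HTML; the browser decodes the value and posts the raw name back on submit. The code that consumes `delrow` is outside this hunk, so it is worth confirming that it treats the posted names as untrusted and quotes them before any query use. A comment above the assignment would record the intent: `// HTML-escaped for output only; delrow[] must still be treated as untrusted when posted back`.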