github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMarc Delisle <marc@infomarc.info>2007-10-02 20:49:32 +0400
committerMarc Delisle <marc@infomarc.info>2007-10-02 20:49:32 +0400
commit337ac72d4d2ea0c1782b2c40b749f3cf5457679f (patch)
tree3fc6d95da5964905d40d2d7ffb73f0666a5ba73d /browse_foreigners.php
parent5cdbdaf8f875c4cd08acfb0bcbaff2802a9237eb (diff)
bug #1805773 [relations] browse foreign values: return values not escaped
Diffstat (limited to 'browse_foreigners.php')
-rw-r--r--browse_foreigners.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/browse_foreigners.php b/browse_foreigners.php
index 4d2670aa43..d9d4673c02 100644
--- a/browse_foreigners.php
+++ b/browse_foreigners.php
@@ -247,7 +247,7 @@ if (isset($disp_row) && is_array($disp_row)) {
.'<a href="#" title="' . $strUseThisValue
. ($key_ordered_current_val_title != '' ? ': ' . $key_ordered_current_val_title : '') . '"'
.' onclick="formupdate(\'' . md5($field) . '\', \''
- . htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
+ . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
.htmlspecialchars($key_ordered_current_key) . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
?></td>
<td>
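Review bot: `addslashes()` on the changed line is not a JavaScript string escaper: it backslash-escapes quotes, backslashes and NUL, but leaves CR/LF and other line terminators untouched, so a key containing one still produces a broken string literal in the `onclick` handler. The nesting order is right (escape for the JS string first, HTML-encode outermost), and that deserves a comment such as `// escape for the JS string literal first, then for the HTML attribute`. Because `htmlspecialchars()` is called without `ENT_QUOTES`, the single quote is protected only by the backslash; passing `ENT_QUOTES` would keep the attribute encoding from depending on that. Consider one helper that escapes for the JS-string context and use it in all four places; the hunks at -255, -267 and -275 repeat this expression. The `echo` statement starts above the hunk.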
@@ -255,7 +255,7 @@ if (isset($disp_row) && is_array($disp_row)) {
echo ($key_ordered_current_equals_data ? '<b>' : '')
. '<a href="#" title="' . $strUseThisValue . ($key_ordered_current_val_title != '' ? ': '
. $key_ordered_current_val_title : '') . '" onclick="formupdate(\''
- . md5($field) . '\', \'' . htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
+ . md5($field) . '\', \'' . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
. $key_ordered_current_val . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
?></td>
<td width="20%">
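Review bot: The link text `$key_ordered_current_val` on the line after the change is echoed without `htmlspecialchars()`, unlike the key in the first hunk, and `$key_ordered_current_val_title` is concatenated into the `title` attribute unencoded as well. Whether both are already HTML-encoded before this point is not visible in the hunk. If they are not, the description column has the same output-escaping gap this commit closes for the key; if they are, a comment such as `// $key_ordered_current_val is HTML-encoded above` would stop a later edit from double-encoding or dropping it. The hunk at -267 has the same pattern with `$val_ordered_current_val`, and the `*_val_title` variables appear unencoded in all four hunks.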
@@ -267,7 +267,7 @@ if (isset($disp_row) && is_array($disp_row)) {
echo ($val_ordered_current_equals_data ? '<b>' : '')
. '<a href="#" title="' . $strUseThisValue . ($val_ordered_current_val_title != '' ? ': '
. $val_ordered_current_val_title : '') . '" onclick="formupdate(\'' . md5($field)
- . '\', \'' . htmlspecialchars($val_ordered_current_key) . '\'); return false;">'
+ . '\', \'' . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">'
. $val_ordered_current_val . '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
?></td>
<td nowrap="nowrap">
@@ -275,7 +275,7 @@ if (isset($disp_row) && is_array($disp_row)) {
echo ($val_ordered_current_equals_data ? '<b>' : '') . '<a href="#" title="'
. $strUseThisValue . ($val_ordered_current_val_title != '' ? ': ' . $val_ordered_current_val_title : '')
. '" onclick="formupdate(\'' . md5($field) . '\', \''
- . htmlspecialchars($val_ordered_current_key) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
+ . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
. '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
?></td>
</tr>