
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorHerman van Rink <rink@initfour.nl>2011-07-30 18:24:26 +0400
committerHerman van Rink <rink@initfour.nl>2011-07-30 18:24:26 +0400
commit66c0be92d781cd9f2934de49d2e2bd2d76130eea (patch)
treed8b027ea3cc2a9e3a085af319a4597520bdfcd7a /tbl_chart.php
parent490d614825be48cca105a0fd70d59bf1085a6b0d (diff)
Possible XSS in chart page
Diffstat (limited to 'tbl_chart.php')
-rw-r--r--tbl_chart.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/tbl_chart.php b/tbl_chart.php
index 44ec28f664..06b1e71354 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -102,10 +102,10 @@ url_query = '<?php echo $url_query;?>';
foreach ($keys as $idx => $key) {
if ($yaxis == -1 && (($idx == count($data[0]) - 1) || preg_match("/(date|time)/i", $key))) {
- echo '<option value="' . $idx . '" selected>' . $key . '</option>';
+ echo '<option value="' . htmlspecialchars($idx) . '" selected>' . htmlspecialchars($key) . '</option>';
$yaxis=$idx;
} else {
- echo '<option value="' . $idx . '">' . $key . '</option>';
+ echo '<option value="' . htmlspecialchars($idx) . '">' . htmlspecialchars($key) . '</option>';
}
}
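Review bot: Both added `echo` lines call `htmlspecialchars()` with its default flags and charset, so the exact escaping depends on the PHP version that serves the page. The `value` attribute is double-quoted, which the default handling covers, but spelling the arguments out keeps the output safe if the markup is ever switched to single quotes: `htmlspecialchars($key, ENT_QUOTES, 'UTF-8')` (assuming the page is emitted as UTF-8, which is not visible here). The same applies to the added line in the second hunk. The surrounding `<select>` and PHP block start outside this hunk.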
@@ -116,7 +116,7 @@ url_query = '<?php echo $url_query;?>';
<option value="columns"><?php echo __('The remaining columns'); ?></option>
<?php
foreach ($keys as $idx => $key) {
- echo '<option>' . $key . '</option>';
+ echo '<option>' . htmlspecialchars($key) . '</option>';
}
?>
</select>
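Review bot: The line quoted in this hunk's header, `url_query = '<?php echo $url_query;?>';`, writes a PHP value into a single-quoted JavaScript string, and the commit leaves it unchanged while fixing the HTML sinks on the same page. How `$url_query` is built is not visible here, so it may already be encoded upstream and this should be confirmed rather than assumed. If any part of it can carry user-influenced text, `htmlspecialchars()` is the wrong encoder for that context; something like `url_query = <?php echo json_encode($url_query); ?>;` matches the JavaScript string context. That line sits outside both hunks, so only the header fragment can be reviewed from here.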