authorHerman van Rink <rink@initfour.nl>2010-08-25 17:43:42 +0400
committerHerman van Rink <rink@initfour.nl>2010-08-25 19:06:34 +0400
commitd8edf38d0d66d2b30d7e8d56f85334c326527a31 (patch)
treed1b9b7296ea189c1bf213d123052fc472f6a7375 /tbl_chart.php
parentb477c4cb1a0ccbe75bd748470d590d7805b48e5d (diff)
Add some htmlspecialchars for XSS prevention
Diffstat (limited to 'tbl_chart.php')
-rw-r--r--tbl_chart.php30
1 files changed, 15 insertions, 15 deletions
diff --git a/tbl_chart.php b/tbl_chart.php
index f02a73b743..bd565125f3 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -85,47 +85,47 @@ $url_params['reload'] = 1;
<?php echo $chart; ?>
</div>
- <input type="hidden" name="sql_query" id="sql_query" value="<?php echo $sql_query; ?>" />
+ <input type="hidden" name="sql_query" id="sql_query" value="<?php echo htmlspecialchars($sql_query); ?>" />
<table>
<tr><td><label for="width"><?php echo __("Width"); ?></label></td>
- <td><input type="text" name="chartSettings[width]" id="width" value="<?php echo (isset($chartSettings['width']) ? $chartSettings['width'] : ''); ?>" /></td>
+ <td><input type="text" name="chartSettings[width]" id="width" value="<?php echo (isset($chartSettings['width']) ? htmlspecialchars($chartSettings['width']) : ''); ?>" /></td>
</tr>
<tr><td><label for="height"><?php echo __("Height"); ?></label></td>
- <td><input type="text" name="chartSettings[height]" id="height" value="<?php echo (isset($chartSettings['height']) ? $chartSettings['height'] : ''); ?>" /></td>
+ <td><input type="text" name="chartSettings[height]" id="height" value="<?php echo (isset($chartSettings['height']) ? htmlspecialchars($chartSettings['height']) : ''); ?>" /></td>
</tr>
<tr><td><label for="titleText"><?php echo __("Title"); ?></label></td>
- <td><input type="text" name="chartSettings[titleText]" id="titleText" value="<?php echo (isset($chartSettings['titleText']) ? $chartSettings['titleText'] : ''); ?>" /></td>
+ <td><input type="text" name="chartSettings[titleText]" id="titleText" value="<?php echo (isset($chartSettings['titleText']) ? htmlspecialchars($chartSettings['titleText']) : ''); ?>" /></td>
</tr>
<?php if ($chartSettings['type'] != 'pie' && $chartSettings['type'] != 'radar') { ?>
<tr><td><label for="xLabel"><?php echo __("X Axis label"); ?></label></td>
- <td><input type="text" name="chartSettings[xLabel]" id="xLabel" value="<?php echo (isset($chartSettings['xLabel']) ? $chartSettings['xLabel'] : ''); ?>" /></td>
+ <td><input type="text" name="chartSettings[xLabel]" id="xLabel" value="<?php echo (isset($chartSettings['xLabel']) ? htmlspecialchars($chartSettings['xLabel']) : ''); ?>" /></td>
</tr>
<tr><td><label for="yLabel"><?php echo __("Y Axis label"); ?></label></td>
- <td><input type="text" name="chartSettings[yLabel]" id="yLabel" value="<?php echo (isset($chartSettings['yLabel']) ? $chartSettings['yLabel'] : ''); ?>" /></td>
+ <td><input type="text" name="chartSettings[yLabel]" id="yLabel" value="<?php echo (isset($chartSettings['yLabel']) ? htmlspecialchars($chartSettings['yLabel']) : ''); ?>" /></td>
</tr>
<?php } ?>
<tr><td><label for="areaMargins"><?php echo __("Area margins"); ?></label></td>
<td>
- <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][0]) ? $chartSettings['areaMargins'][0] : ''); ?>" />
- <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][1]) ? $chartSettings['areaMargins'][1] : ''); ?>" />
- <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][2]) ? $chartSettings['areaMargins'][2] : ''); ?>" />
- <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][3]) ? $chartSettings['areaMargins'][3] : ''); ?>" />
+ <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][0]) ? htmlspecialchars($chartSettings['areaMargins'][0]) : ''); ?>" />
+ <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][1]) ? htmlspecialchars($chartSettings['areaMargins'][1]) : ''); ?>" />
+ <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][2]) ? htmlspecialchars($chartSettings['areaMargins'][2]) : ''); ?>" />
+ <input type="text" name="chartSettings[areaMargins][]" size="2" value="<?php echo (isset($chartSettings['areaMargins'][3]) ? htmlspecialchars($chartSettings['areaMargins'][3]) : ''); ?>" />
</td>
</tr>
<?php if ($chartSettings['legend'] == true) { ?>
<tr><td><label for="legendMargins"><?php echo __("Legend margins"); ?></label></td>
<td>
- <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo $chartSettings['legendMargins'][0]; ?>" />
- <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo $chartSettings['legendMargins'][1]; ?>" />
- <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo $chartSettings['legendMargins'][2]; ?>" />
- <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo $chartSettings['legendMargins'][3]; ?>" />
+ <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo htmlspecialchars($chartSettings['legendMargins'][0]); ?>" />
+ <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo htmlspecialchars($chartSettings['legendMargins'][1]); ?>" />
+ <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo htmlspecialchars($chartSettings['legendMargins'][2]); ?>" />
+ <input type="text" name="chartSettings[legendMargins][]" size="2" value="<?php echo htmlspecialchars($chartSettings['legendMargins'][3]); ?>" />
</td>
</tr>
<?php } ?>
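Review bot: The new `htmlspecialchars()` calls on `$sql_query` and the `$chartSettings` fields use the default flags, which escape `"` but not `'` and (on PHP of this era) assume ISO-8859-1, so the protection holds only because every `value="..."` attribute in the hunk is double-quoted and would fail silently if one were later changed to single quotes. Passing the flags explicitly, e.g. `htmlspecialchars($sql_query, ENT_QUOTES, 'UTF-8')`, removes that dependency; the same applies to every escaped line in this hunk and to the fontSize line in the second hunk. Separately, the legendMargins lines still index `$chartSettings['legendMargins'][0..3]` without the `isset()` guard the areaMargins lines use, so a missing index raises a notice instead of emitting an empty value. Width, height, margins and font size are numeric settings, so casting them with `(int)` where they are read (outside this hunk, in the form-handling code that precedes it) would keep them out of the HTML-escaping path entirely.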
@@ -158,7 +158,7 @@ $url_params['reload'] = 1;
</tr>
<tr><td><label for="fontSize"><?php echo __("Font size"); ?></label></td>
- <td><input type="text" name="chartSettings[fontSize]" id="fontSize" value="<?php echo (isset($chartSettings['fontSize']) ? $chartSettings['fontSize'] : ''); ?>" /></td>
+ <td><input type="text" name="chartSettings[fontSize]" id="fontSize" value="<?php echo (isset($chartSettings['fontSize']) ? htmlspecialchars($chartSettings['fontSize']) : ''); ?>" /></td>
</tr>
<?php if ($chartSettings['type'] == 'radar') { ?>