fix XSS reported by Janek Vind

author: Dieter Adriaenssens <ruleant@users.sourceforge.net> 2013-04-01 01:11:10 +0400
committer: Dieter Adriaenssens <ruleant@users.sourceforge.net> 2013-04-02 00:29:21 +0400
commit: 79089c9bc02c82c15419fd9d6496b8781ae08a5a (patch)
tree: 89b9d851c4f0e21cac75da66944d911cb1b58e71 /tbl_gis_visualization.php
parent: 93070c081c86235150cdf7d47e047d79057cdf73 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/tbl_gis_visualization.php b/tbl_gis_visualization.php
index 0811d01aeb..bd95b2e6c7 100644
--- a/tbl_gis_visualization.php
+++ b/tbl_gis_visualization.php
@@ -110,7 +110,7 @@ $visualization = PMA_GIS_visualizationResults($data, $visualizationSettings, $fo
 <?php echo PMA_generate_common_hidden_inputs($url_params); ?>
 <fieldset>
     <legend><?php echo __('Display GIS Visualization'); ?></legend>
-    <div id="placeholder" style="width:<?php echo($visualizationSettings['width']); ?>px;height:<?php echo($visualizationSettings['height']); ?>px;">
+    <div id="placeholder" style="width:<?php echo(htmlspecialchars($visualizationSettings['width'])); ?>px;height:<?php echo(htmlspecialchars($visualizationSettings['height'])); ?>px;">
         <?php echo $visualization; ?>
     </div>
     <div id="openlayersmap"></div>
@@ -202,4 +202,4 @@ $visualization = PMA_GIS_visualizationResults($data, $visualizationSettings, $fo
  */
 require './libraries/footer.inc.php';
 
-?>
-\ No newline at end of file
+?>
author	Dieter Adriaenssens <ruleant@users.sourceforge.net>	2013-04-01 01:11:10 +0400
committer	Dieter Adriaenssens <ruleant@users.sourceforge.net>	2013-04-02 00:29:21 +0400
commit	79089c9bc02c82c15419fd9d6496b8781ae08a5a (patch)
tree	89b9d851c4f0e21cac75da66944d911cb1b58e71 /tbl_gis_visualization.php
parent	93070c081c86235150cdf7d47e047d79057cdf73 (diff)