author | Herman van Rink <rink@initfour.nl> | 2011-08-05 13:45:16 +0400 |
---|---|---|
committer | Herman van Rink <rink@initfour.nl> | 2011-08-05 13:45:16 +0400 |
commit | 2b0d12b2deb1b6b5c4073ecaa7971cb0bbb83389 (patch) | |
tree | 19579628c345f18827a00374c35d9478006e111a /tbl_tracking.php | |
parent | ec848d825ffe896b96b6c3e4b8c7d4c12aadd310 (diff) |
Make better use of PMA_generate_common_url to prevent XSS
Diffstat (limited to 'tbl_tracking.php')
-rw-r--r-- | tbl_tracking.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/tbl_tracking.php b/tbl_tracking.php
index 2f714bfafa..f647509740 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -375,7 +375,7 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
 <small><?php echo __('Tracking statements') . ' ' . $data['tracking']; ?></small><br/>
 <br/>
- <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&report=true&version=<?php echo $_REQUEST['version'];?>">
+ <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
 <?php
 $str1 = '<select name="logtype">' .
@@ -493,7 +493,7 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
 }
 ?>
 </form>
- <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&report=true&version=<?php echo $_REQUEST['version'];?>">
+ <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
 <?php
 printf(__('Show %s with dates from %s to %s by user %s %s'), $str1, $str2, $str3, $str4, $str5);
@@ -506,7 +506,7 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
 $str_export2 = '<input type="submit" name="report_export" value="' . __('Go') .'" />';
 ?>
 </form>
- <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&report=true&version=<?php echo $_REQUEST['version'];?>">
+ <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
 <input type="hidden" name="logtype" value="<?php echo $_REQUEST['logtype'];?>" />
 <input type="hidden" name="date_from" value="<?php echo $_REQUEST['date_from'];?>" />
 <input type="hidden" name="date_to" value="<?php echo $_REQUEST['date_to'];?>" />
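Review bot: In the @@ -506 hunk the three hidden inputs directly after the rewritten `<form>` still echo `$_REQUEST['logtype']`, `$_REQUEST['date_from']` and `$_REQUEST['date_to']` into attribute values without any encoding, so the form action is now built safely but the same request data can still close the `value` attribute. Each of those lines should pass the value through the HTML escaper, e.g. `<input type="hidden" name="logtype" value="<?php echo htmlspecialchars($_REQUEST['logtype']); ?>" />`, and the same applies to the other two inputs. Those lines are context in this hunk rather than part of the change, and the enclosing `if (isset($_REQUEST['report']) || ...)` block starts and ends outside it.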
@@ -616,7 +616,11 @@ if ($last_version > 0) {
 <td><?php echo $version['date_created'];?></td>
 <td><?php echo $version['date_updated'];?></td>
 <td><?php echo $version_status;?></td>
- <td> <a href="tbl_tracking.php?<?php echo $url_query;?>&report=true&version=<?php echo $version['version'];?>"><?php echo __('Tracking report');?></a> | <a href="tbl_tracking.php?<?php echo $url_query;?>&snapshot=true&version=<?php echo $version['version'];?>"><?php echo __('Structure snapshot');?></a></td>
+ <td> <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $version['version'])
+);?>"><?php echo __('Tracking report');?></a>
+ | <a href="tbl_tracking.php?<?php echo PMA_generate_common_url($url_params + array('snapshot' => 'true', 'version' => $version['version'])
+);?>"><?php echo __('Structure snapshot');?></a>
+ </td>
 </tr>
 <?php
 if ($style == 'even') { |
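Review bot: The added "Structure snapshot" link keeps a literal `?` in front of the `PMA_generate_common_url(...)` call (`href="tbl_tracking.php?<?php echo PMA_generate_common_url(`), whereas the "Tracking report" link on the line above and every rewritten `<form action>` in the earlier hunks drop it. If PMA_generate_common_url returns its query string with a leading `?`, as those call sites assume, this link resolves to `tbl_tracking.php??db=...`, which is at best an inconsistent URL; change the line to ` | <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('snapshot' => 'true', 'version' => $version['version'])`. The enclosing `if ($last_version > 0)` block starts and ends outside the hunk.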