
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorHerman van Rink <rink@initfour.nl>2011-08-05 14:01:47 +0400
committerHerman van Rink <rink@initfour.nl>2011-08-05 14:01:47 +0400
commit39edf6e1fbe4a39f6fec0919d60eca5dfc2708ff (patch)
tree1a74a9714445b261ac4c7219f5b38134a40ebff5 /tbl_tracking.php
parent3d8fddceb0f084d4b77c58c48a98e002db6baa6a (diff)
XSS fixes
Diffstat (limited to 'tbl_tracking.php')
-rw-r--r--tbl_tracking.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/tbl_tracking.php b/tbl_tracking.php
index d9a904ef09..7cf7cd5223 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -473,8 +473,8 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
?>
<tr class="noclick <?php echo $style; ?>">
<td><small><?php echo $i; ?></small></td>
- <td><small><?php echo $entry['date']; ?></small></td>
- <td><small><?php echo $entry['username']; ?></small></td>
+ <td><small><?php echo htmlspecialchars($entry['date']); ?></small></td>
+ <td><small><?php echo htmlspecialchars($entry['username']); ?></small></td>
<td><?php echo $statement; ?></td>
</tr>
<?php
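Review bot: `$statement` in the last cell of this row is still echoed without escaping, while the date and username cells beside it now go through `htmlspecialchars()`. It is assigned outside this hunk, so whether it is already escaped or HTML-formatted upstream cannot be confirmed from here; if it carries the tracked statement text, it is the field in this row most likely to hold user-influenced content. Either escape it where it is built, or add a comment at the echo such as `// $statement is already HTML-escaped where it is built`, so the row can be audited without reading the whole loop.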
@@ -507,10 +507,10 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
?>
</form>
<form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
- <input type="hidden" name="logtype" value="<?php echo $_REQUEST['logtype'];?>" />
- <input type="hidden" name="date_from" value="<?php echo $_REQUEST['date_from'];?>" />
- <input type="hidden" name="date_to" value="<?php echo $_REQUEST['date_to'];?>" />
- <input type="hidden" name="users" value="<?php echo $_REQUEST['users'];?>" />
+ <input type="hidden" name="logtype" value="<?php echo htmlspecialchars($_REQUEST['logtype']);?>" />
+ <input type="hidden" name="date_from" value="<?php echo htmlspecialchars($_REQUEST['date_from']);?>" />
+ <input type="hidden" name="date_to" value="<?php echo htmlspecialchars($_REQUEST['date_to']);?>" />
+ <input type="hidden" name="users" value="<?php echo htmlspecialchars($_REQUEST['users']);?>" />
<?php
echo "<br/>" . sprintf(__('Export as %s'), $str_export1) . $str_export2 . "<br/>";
?>
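Review bot: The four hidden inputs escape with the default flags, so the output is only safe while the attributes stay double-quoted and each request parameter is a string. Passing the flags explicitly, as in `htmlspecialchars($_REQUEST['logtype'], ENT_QUOTES, 'UTF-8')`, removes the dependence on quoting style. A request that omits one of these parameters or sends it as an array will raise a PHP notice or warning on these lines, so an `isset()`/`is_string()` guard with a default is worth adding before the form is rendered. `$str_export1` and `$str_export2`, echoed at the end of the hunk, are built outside it and should be checked in the same way.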