diff options
author | Herman van Rink <rink@initfour.nl> | 2011-08-05 13:45:35 +0400 |
---|---|---|
committer | Herman van Rink <rink@initfour.nl> | 2011-08-05 13:45:35 +0400 |
commit | 3d8fddceb0f084d4b77c58c48a98e002db6baa6a (patch) | |
tree | a5d20ae73e1383649756fcea47a95d739067c2df /tbl_tracking.php | |
parent | 2b0d12b2deb1b6b5c4073ecaa7971cb0bbb83389 (diff) |
XSS fixes
Diffstat (limited to 'tbl_tracking.php')
-rw-r--r-- | tbl_tracking.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/tbl_tracking.php b/tbl_tracking.php index f647509740..d9a904ef09 100644 --- a/tbl_tracking.php +++ b/tbl_tracking.php @@ -372,7 +372,7 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) { ?> <h3><?php echo __('Tracking report');?> [<a href="tbl_tracking.php?<?php echo $url_query;?>"><?php echo __('Close');?></a>]</h3> - <small><?php echo __('Tracking statements') . ' ' . $data['tracking']; ?></small><br/> + <small><?php echo __('Tracking statements') . ' ' . htmlspecialchars($data['tracking']); ?></small><br/> <br/> <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>"> @@ -383,9 +383,9 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) { '<option value="data"' . ($selection_data ? ' selected="selected"' : ''). '>' . __('Data only') . '</option>' . '<option value="schema_and_data"' . ($selection_both ? ' selected="selected"' : '') . '>' . __('Structure and data') . '</option>' . '</select>'; - $str2 = '<input type="text" name="date_from" value="' . $_REQUEST['date_from'] . '" size="19" />'; - $str3 = '<input type="text" name="date_to" value="' . $_REQUEST['date_to'] . '" size="19" />'; - $str4 = '<input type="text" name="users" value="' . $_REQUEST['users'] . '" />'; + $str2 = '<input type="text" name="date_from" value="' . htmlspecialchars($_REQUEST['date_from']) . '" size="19" />'; + $str3 = '<input type="text" name="date_to" value="' . htmlspecialchars($_REQUEST['date_to']) . '" size="19" />'; + $str4 = '<input type="text" name="users" value="' . htmlspecialchars($_REQUEST['users']) . '" />'; $str5 = '<input type="submit" name="list_report" value="' . __('Go') . '" />'; printf(__('Show %s with dates from %s to %s by user %s %s'), $str1, $str2, $str3, $str4, $str5); |