author | Herman van Rink <rink@initfour.nl> | 2011-08-05 12:14:18 +0400 |
---|---|---|
committer | Herman van Rink <rink@initfour.nl> | 2011-08-05 12:14:18 +0400 |
commit | ec848d825ffe896b96b6c3e4b8c7d4c12aadd310 (patch) | |
tree | 97229c1917c9ff03f3c8f6a1f25c23e18c32b6f0 /tbl_tracking.php | |
parent | 09b30b8b6e462aafc24cc32a78491cd9513305c6 (diff) |
XSS fixes
Diffstat (limited to 'tbl_tracking.php')
-rw-r--r-- | tbl_tracking.php | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/tbl_tracking.php b/tbl_tracking.php
index 99a540e75f..2f714bfafa 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -281,17 +281,17 @@ if (isset($_REQUEST['snapshot'])) {
 <tr class="noclick <?php echo $style; ?>">
 <?php
 if ($field['Key'] == 'PRI') {
- echo '<td><b><u>' . $field['Field'] . '</u></b></td>' . "\n";
+ echo '<td><b><u>' . htmlspecialchars($field['Field']) . '</u></b></td>' . "\n";
 } else {
- echo '<td><b>' . $field['Field'] . '</b></td>' . "\n";
+ echo '<td><b>' . htmlspecialchars($field['Field']) . '</b></td>' . "\n";
 }
 ?>
- <td><?php echo $field['Type'];?></td>
- <td><?php echo $field['Collation'];?></td>
- <td><?php echo $field['Null'];?></td>
- <td><?php echo $field['Default'];?></td>
- <td><?php echo $field['Extra'];?></td>
- <td><?php echo $field['Comment'];?></td>
+ <td><?php echo htmlspecialchars($field['Type']);?></td>
+ <td><?php echo htmlspecialchars($field['Collation']);?></td>
+ <td><?php echo htmlspecialchars($field['Null']);?></td>
+ <td><?php echo htmlspecialchars($field['Default']);?></td>
+ <td><?php echo htmlspecialchars($field['Extra']);?></td>
+ <td><?php echo htmlspecialchars($field['Comment']);?></td>
 </tr>
 <?php
 if ($style == 'even') {
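Review bot: Every call added here and in the index-row hunk uses `htmlspecialchars()` with its default flags, which on PHP versions before 8.1 leave single quotes unescaped. That is sufficient for these cells because each value lands in element content between `<td>` tags, but the calls are easy to copy into an attribute context where it would not be. A short comment above the row, e.g. `// element-content context only; pass ENT_QUOTES if a value is ever placed in an attribute`, would record that assumption. The enclosing loop starts and ends outside the hunk.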
@@ -337,15 +337,15 @@ if (isset($_REQUEST['snapshot'])) {
 }
 ?>
 <tr class="noclick <?php echo $style; ?>">
- <td><b><?php echo $index['Key_name'];?></b></td>
- <td><?php echo $index['Index_type'];?></td>
+ <td><b><?php echo htmlspecialchars($index['Key_name']);?></b></td>
+ <td><?php echo htmlspecialchars($index['Index_type']);?></td>
 <td><?php echo $str_unique;?></td>
 <td><?php echo $str_packed;?></td>
- <td><?php echo $index['Column_name'];?></td>
- <td><?php echo $index['Cardinality'];?></td>
- <td><?php echo $index['Collation'];?></td>
- <td><?php echo $index['Null'];?></td>
- <td><?php echo $index['Comment'];?></td>
+ <td><?php echo htmlspecialchars($index['Column_name']);?></td>
+ <td><?php echo htmlspecialchars($index['Cardinality']);?></td>
+ <td><?php echo htmlspecialchars($index['Collation']);?></td>
+ <td><?php echo htmlspecialchars($index['Null']);?></td>
+ <td><?php echo htmlspecialchars($index['Comment']);?></td>
 </tr>
 <?php
 if ($style == 'even') { |
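Review bot: `$str_unique` and `$str_packed` are the only two cells in this row still echoed without `htmlspecialchars()`. Their assignments sit above the hunk and are not visible here, so the diff alone does not show whether they hold fixed labels or text taken from the `$index` row. If any part of them comes from the snapshot data, they need the same escaping as the neighbouring cells, e.g. `<td><?php echo htmlspecialchars($str_unique);?></td>`. If they are fixed strings, a one-line comment saying so above the two cells would save the next reviewer the lookup.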