diff options
author | Michal Čihař <michal@cihar.com> | 2004-09-03 16:10:07 +0400 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2004-09-03 16:10:07 +0400 |
commit | 242e2351c19bc332a07ae7f6a6d6c8229366c098 (patch) | |
tree | bbcffe4e9469c334cc84b258476b8844a23d71f9 /themes.php | |
parent | 09a20e6dfcc4ef2c74b5967cbac7411748e9cc87 (diff) |
Escape theme names (bug #1016608).
Diffstat (limited to 'themes.php')
-rw-r--r-- | themes.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/themes.php b/themes.php index ae85f1a69c..a210a67439 100644 --- a/themes.php +++ b/themes.php @@ -106,7 +106,7 @@ if ($handleThemes = opendir($path_to_themes)) { // open themes <tr> <th align="left"> <?php - echo '<b>' . $theme_name . '</b>'; + echo '<b>' . htmlspecialchars($theme_name) . '</b>'; ?> </th> </tr> @@ -119,17 +119,17 @@ if ($handleThemes = opendir($path_to_themes)) { // open themes if (document.getElementById) { document.write('style="border: 1px solid #000000;" '); } - document.write('alt="<?php echo $theme_name; ?> - Theme" '); - document.write('title="<?php echo $theme_name; ?> - Theme" />'); + document.write('alt="<?php echo htmlspecialchars(addslashes($theme_name)); ?> - Theme" '); + document.write('title="<?php echo htmlspecialchars(addslashes($theme_name)); ?> - Theme" />'); document.write('</a><br />'); document.write('[ <b><a href="#top" onclick="takeThis(\'<?php echo $PMA_Theme; ?>\'); return false;">'); - document.write('<?php echo (isset($strTakeIt) ? addslashes($strTakeIt) : 'take it'); ?>'); + document.write('<?php echo addslashes($strTakeIt); ?>'); document.write('</a></b> ]'); //--> </script> <noscript> <?php - echo '<img src="' . $screen_directory . '/screen.png" border="1" alt="' . $theme_name . ' - Theme" />'; + echo '<img src="' . $screen_directory . '/screen.png" border="1" alt="' . htmlspecialchars($theme_name) . ' - Theme" />'; ?> </noscript> </td> |