The branch, master has been updated
       via  66c0be92d781cd9f2934de49d2e2bd2d76130eea (commit)
       via  490d614825be48cca105a0fd70d59bf1085a6b0d (commit)
      from  bf9b723c2bee8fe2d2df523ecd298b94971356e8 (commit)


- Log -----------------------------------------------------------------
commit 66c0be92d781cd9f2934de49d2e2bd2d76130eea
Author: Herman van Rink <[email protected]>
Date:   Sat Jul 30 16:24:26 2011 +0200

    Possible XSS in chart page

commit 490d614825be48cca105a0fd70d59bf1085a6b0d
Author: Herman van Rink <[email protected]>
Date:   Sat Jul 30 14:47:42 2011 +0200

    code style cleanup

-----------------------------------------------------------------------

Summary of changes:
 tbl_chart.php |   24 +++++++++++++-----------
 1 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/tbl_chart.php b/tbl_chart.php
index ac4bed8..06b1e71 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -92,30 +92,31 @@ url_query = '<?php echo $url_query;?>';
         </span>
         <br>
         <input type="text" name="chartTitle" value="<?php echo __('Chart 
title'); ?>">
-        <?php $keys = array_keys($data[0]);
-        $yaxis=-1;
-        if (count($keys)>1) {
+        <?php
+        $keys = array_keys($data[0]);
+        $yaxis = -1;
+        if (count($keys) > 1) {
             echo '<br>';
             echo __('X-Axis:'); ?> <select name="chartXAxis">
             <?php
             
-            foreach ($keys as $idx=>$key) {
-                if ($yaxis==-1 && ($idx==count($data[0])-1 || 
preg_match("/(date|time)/i",$key))) {
-                    echo '<option value="'.$idx.'" selected>'.$key.'</option>';
+            foreach ($keys as $idx => $key) {
+                if ($yaxis == -1 && (($idx == count($data[0]) - 1) || 
preg_match("/(date|time)/i", $key))) {
+                    echo '<option value="' . htmlspecialchars($idx) . '" 
selected>' . htmlspecialchars($key) . '</option>';
                     $yaxis=$idx;
                 } else {
-                    echo '<option value="'.$idx.'">'.$key.'</option>';
+                    echo '<option value="' . htmlspecialchars($idx) . '">' . 
htmlspecialchars($key) . '</option>';
                 }
             }
             
             ?>
-        </select><br>
+        </select><br />
         <?php echo __('Series:'); ?>
         <select name="chartSeries">
             <option value="columns"><?php echo __('The remaining columns'); 
?></option>
             <?php
-            foreach ($keys as $idx=>$key) {
-                echo '<option>'.$key.'</option>';
+            foreach ($keys as $idx => $key) {
+                echo '<option>' . htmlspecialchars($key) . '</option>';
             }
         ?>
         </select>
@@ -125,7 +126,8 @@ url_query = '<?php echo $url_query;?>';
         
     </div>
     <div style="float:left; padding-left:40px;">
-        <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" 
type="text" name="xaxis_label" value="<?php  echo ($yaxis==-1)?__('X 
Values'):$keys[$yaxis]; ?>"><br>
+        <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" 
type="text" name="xaxis_label" 
+            value="<?php echo ($yaxis == -1) ? __('X Values') : $keys[$yaxis]; 
?>"><br />
         <?php echo __('Y-Axis label:'); ?> <input type="text" 
name="yaxis_label" value="<?php echo __('Y Values'); ?>">
     </div>
     <p style="clear:both;">&nbsp;</p>
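Review bot: The `xaxis_label` input in this hunk still echoes `$keys[$yaxis]` unescaped into a double-quoted `value` attribute, although the same column names are wrapped in `htmlspecialchars()` in the `<option>` output of the previous hunk. `$keys` is built from `array_keys($data[0])`, so if column names can carry user-chosen text (query aliases, presumably), a name containing `"` would end the attribute and be parsed as markup. The expression should read `($yaxis == -1) ? __('X Values') : htmlspecialchars($keys[$yaxis])`. The enclosing form markup starts and ends outside the hunk, so other outputs of `$keys` on the page are worth checking too.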


hooks/post-receive
-- 
phpMyAdmin
