Changeset 13962

Timestamp:

04/07/12 23:16:02 (14 months ago)

Author:

plg

Message:

merge r13961 from branch 2.3 to trunk

bug 2612 fixed: sanitize $_GETinstallstatus before display for
themes/languages/plugins installation

Location:

trunk/admin

Files:

• languages_new.php (modified) (1 diff)
• plugins_new.php (modified) (1 diff)
• themes_new.php (modified) (1 diff)

trunk/admin/languages_new.php

@@ -98 +98 @@
 
     default:
-      array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+      array_push(
+        $page['errors'],
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
       );
   }  

trunk/admin/plugins_new.php

@@ -77 +77 @@
     default:
       array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
         l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
   }  

trunk/admin/themes_new.php

@@ -103 +103 @@
       array_push(
         $page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
         );
   }