Changeset 13962


Ignore:
Timestamp:
04/07/12 23:16:02 (8 years ago)
Author:
plg
Message:

merge r13961 from branch 2.3 to trunk

bug 2612 fixed: sanitize $_GETinstallstatus before display for
themes/languages/plugins installation

Location:
trunk/admin
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/admin/languages_new.php

    r10638 r13962  
    9898 
    9999    default: 
    100       array_push($page['errors'], 
    101         sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']) 
     100      array_push( 
     101        $page['errors'], 
     102        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])) 
    102103      ); 
    103104  }   
  • trunk/admin/plugins_new.php

    r12922 r13962  
    7777    default: 
    7878      array_push($page['errors'], 
    79         sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']), 
     79        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])), 
    8080        l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).')); 
    8181  }   
  • trunk/admin/themes_new.php

    r12922 r13962  
    103103      array_push( 
    104104        $page['errors'], 
    105         sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']) 
     105        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])) 
    106106        ); 
    107107  }   
Note: See TracChangeset for help on using the changeset viewer.