Changeset 13961 for branches


Ignore:
Timestamp:
Apr 7, 2012, 11:12:25 PM (12 years ago)
Author:
plg
Message:

bug 2612 fixed: sanitize $_GETinstallstatus before display for
themes/languages/plugins installation

Location:
branches/2.3/admin
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • branches/2.3/admin/languages_new.php

    r10638 r13961  
    9898
    9999    default:
    100       array_push($page['errors'],
    101         sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
     100      array_push(
     101        $page['errors'],
     102        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
    102103      );
    103104  } 

  • branches/2.3/admin/plugins_new.php

    r11222 r13961  
    7777    default:
    7878      array_push($page['errors'],
    79         sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
     79        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
    8080        l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
    8181  } 

  • branches/2.3/admin/themes_new.php

    r11917 r13961  
    103103      array_push(
    104104        $page['errors'],
    105         sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
     105        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
    106106        );
    107107  } 
Note: See TracChangeset for help on using the changeset viewer.