merge r13961 from branch 2.3 to trunk

bug 2612 fixed: sanitize $_GET['installstatus'] before display for
themes/languages/plugins installation



git-svn-id: http://piwigo.org/svn/trunk@13962 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 1 insertions, 1 deletions

diff --git a/admin/plugins_new.php b/admin/plugins_new.php
index f6d82444b..747652269 100644
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -76,7 +76,7 @@ if (isset($_GET['installstatus']))
 
     default:
       array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
         l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
   }  
 }