bug 2612 fixed: sanitize $_GET['installstatus'] before display for

themes/languages/plugins installation


git-svn-id: http://piwigo.org/svn/branches/2.3@13961 68402e56-0260-453c-a942-63ccdbb3a9ee

3 files changed, 5 insertions, 4 deletions

diff --git a/admin/languages_new.php b/admin/languages_new.php
index 4c7804aa5..da0d31bfd 100644
--- a/admin/languages_new.php
+++ b/admin/languages_new.php
@@ -97,8 +97,9 @@ if (isset($_GET['installstatus']))
       break;
 
     default:
-      array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+      array_push(
+        $page['errors'],
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
       );
   }  
 }
diff --git a/admin/plugins_new.php b/admin/plugins_new.php
index c623f4c3b..b639a4427 100644
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -76,7 +76,7 @@ if (isset($_GET['installstatus']))
 
     default:
       array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
         l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
   }  
 }
diff --git a/admin/themes_new.php b/admin/themes_new.php
index 542d8a79f..f71d87890 100644
--- a/admin/themes_new.php
+++ b/admin/themes_new.php
@@ -102,7 +102,7 @@ if (isset($_GET['installstatus']))
     default:
       array_push(
         $page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
         );
   }  
 }