author | plegall <plg@piwigo.org> | 2012-04-07 21:16:02 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2012-04-07 21:16:02 +0000 |
commit | 59e2298b8504b4b87ee5309b7fc04df953bf68fe (patch) | |
tree | de10a51176ffe65682c19d2ffe6412372ec56689 /admin | |
parent | 641e6a294b4bad7f4e226946c14df2633ae1c6d8 (diff) |
merge r13961 from branch 2.3 to trunk
bug 2612 fixed: sanitize $_GET['installstatus'] before display for
themes/languages/plugins installation
git-svn-id: http://piwigo.org/svn/trunk@13962 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r-- | admin/languages_new.php | 5 | ||||
-rw-r--r-- | admin/plugins_new.php | 2 | ||||
-rw-r--r-- | admin/themes_new.php | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/admin/languages_new.php b/admin/languages_new.php
index 4c7804aa5..da0d31bfd 100644
--- a/admin/languages_new.php
+++ b/admin/languages_new.php
@@ -97,8 +97,9 @@ if (isset($_GET['installstatus']))
 break;
 default:
- array_push($page['errors'],
- sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+ array_push(
+ $page['errors'],
+ sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
 );
 }
 }
diff --git a/admin/plugins_new.php b/admin/plugins_new.php
index f6d82444b..747652269 100644
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -76,7 +76,7 @@ if (isset($_GET['installstatus']))
 default:
 array_push($page['errors'],
- sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+ sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
 l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
 }
 }
diff --git a/admin/themes_new.php b/admin/themes_new.php
index 444110b54..9f16a0a85 100644
--- a/admin/themes_new.php
+++ b/admin/themes_new.php
@@ -102,7 +102,7 @@ if (isset($_GET['installstatus']))
 default:
 array_push(
 $page['errors'],
- sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+ sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
 );
 }
 }
|
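Review bot: The added `htmlspecialchars($_GET['installstatus'])` in the `default:` branch relies on the function's default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and follow the runtime's default encoding; the same call is added in admin/plugins_new.php and admin/themes_new.php. The template that prints `$page['errors']` is not visible here, so the output context cannot be confirmed, and naming it explicitly is safer: `htmlspecialchars($_GET['installstatus'], ENT_QUOTES, 'UTF-8')` (assuming the admin pages are served as UTF-8). The surrounding `isset()` check also lets a non-string value through, since PHP turns `name[]` query parameters into arrays and htmlspecialchars() then raises a warning and yields no text, so an `is_string($_GET['installstatus'])` guard ahead of the switch would be worth adding. The enclosing `if`/`switch` begins outside the hunk, so the other `case` labels were not reviewed.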
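Review bot: The `array_push($page['errors'],` call in admin/plugins_new.php keeps its arguments packed onto the opening and closing lines, while this same commit reflows the languages_new.php call to one argument per line to match themes_new.php. Laying this call out the same way (`array_push(`, then `$page['errors'],`, then each message on its own line, then `);`) would keep the three near-identical `default:` branches easy to compare. Longer term the repeated escape-and-report logic looks like a candidate for a single shared helper, so that a future change to the escaping is made in one place.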