aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2012-04-07 21:16:02 +0000
committerplegall <plg@piwigo.org>2012-04-07 21:16:02 +0000
commit59e2298b8504b4b87ee5309b7fc04df953bf68fe (patch)
treede10a51176ffe65682c19d2ffe6412372ec56689 /admin
parent641e6a294b4bad7f4e226946c14df2633ae1c6d8 (diff)
merge r13961 from branch 2.3 to trunk
bug 2612 fixed: sanitize $_GET['installstatus'] before display for themes/languages/plugins installation git-svn-id: http://piwigo.org/svn/trunk@13962 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/languages_new.php5
-rw-r--r--admin/plugins_new.php2
-rw-r--r--admin/themes_new.php2
3 files changed, 5 insertions, 4 deletions
diff --git a/admin/languages_new.php b/admin/languages_new.php
index 4c7804aa5..da0d31bfd 100644
--- a/admin/languages_new.php
+++ b/admin/languages_new.php
@@ -97,8 +97,9 @@ if (isset($_GET['installstatus']))
break;
default:
- array_push($page['errors'],
- sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+ array_push(
+ $page['errors'],
+ sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
);
}
}
diff --git a/admin/plugins_new.php b/admin/plugins_new.php
index f6d82444b..747652269 100644
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -76,7 +76,7 @@ if (isset($_GET['installstatus']))
default:
array_push($page['errors'],
- sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+ sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
}
}
diff --git a/admin/themes_new.php b/admin/themes_new.php
index 444110b54..9f16a0a85 100644
--- a/admin/themes_new.php
+++ b/admin/themes_new.php
@@ -102,7 +102,7 @@ if (isset($_GET['installstatus']))
default:
array_push(
$page['errors'],
- sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+ sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
);
}
}