Hi Sebastian!
I'm not up to date on recent code, but are these:
$lang_iso_code = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
// start output header('Content-Type: text/html; charset=' . $GLOBALS['charset']); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang_iso_code; ?>" lang="<?php echo $lang_iso_code; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>"> <head> <title>phpMyAdmin <?php echo PMA_VERSION; ?> - <?php echo $HTTP_HOST; ?> - Theme Test</title>
Checked against XSS attacks? At least I saw Michals commit about the $HTTP_HOST variable to be wrapped within htmlspecialchars() -- and does the 'charset' variable now get escaped for being passed to header()? I thought we would rather use a PMA_header() function or so?
Best regards, Garvin