The branch, master has been updated
via 66c0be92d781cd9f2934de49d2e2bd2d76130eea (commit)
via 490d614825be48cca105a0fd70d59bf1085a6b0d (commit)
from bf9b723c2bee8fe2d2df523ecd298b94971356e8 (commit)
- Log -----------------------------------------------------------------
commit 66c0be92d781cd9f2934de49d2e2bd2d76130eea
Author: Herman van Rink <rink(a)initfour.nl>
Date: Sat Jul 30 16:24:26 2011 +0200
Possible XSS in chart page
commit 490d614825be48cca105a0fd70d59bf1085a6b0d
Author: Herman van Rink <rink(a)initfour.nl>
Date: Sat Jul 30 14:47:42 2011 +0200
code style cleanup
-----------------------------------------------------------------------
Summary of changes:
tbl_chart.php | 24 +++++++++++++-----------
1 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/tbl_chart.php b/tbl_chart.php
index ac4bed8..06b1e71 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -92,30 +92,31 @@ url_query = '<?php echo $url_query;?>';
</span>
<br>
<input type="text" name="chartTitle" value="<?php
echo __('Chart title'); ?>">
- <?php $keys = array_keys($data[0]);
- $yaxis=-1;
- if (count($keys)>1) {
+ <?php
+ $keys = array_keys($data[0]);
+ $yaxis = -1;
+ if (count($keys) > 1) {
echo '<br>';
echo __('X-Axis:'); ?> <select name="chartXAxis">
<?php
- foreach ($keys as $idx=>$key) {
- if ($yaxis==-1 && ($idx==count($data[0])-1 ||
preg_match("/(date|time)/i",$key))) {
- echo '<option value="'.$idx.'"
selected>'.$key.'</option>';
+ foreach ($keys as $idx => $key) {
+ if ($yaxis == -1 && (($idx == count($data[0]) - 1) ||
preg_match("/(date|time)/i", $key))) {
+ echo '<option value="' . htmlspecialchars($idx) .
'" selected>' . htmlspecialchars($key) . '</option>';
$yaxis=$idx;
} else {
- echo '<option
value="'.$idx.'">'.$key.'</option>';
+ echo '<option value="' . htmlspecialchars($idx) .
'">' . htmlspecialchars($key) . '</option>';
}
}
?>
- </select><br>
+ </select><br />
<?php echo __('Series:'); ?>
<select name="chartSeries">
<option value="columns"><?php echo __('The remaining
columns'); ?></option>
<?php
- foreach ($keys as $idx=>$key) {
- echo '<option>'.$key.'</option>';
+ foreach ($keys as $idx => $key) {
+ echo '<option>' . htmlspecialchars($key) .
'</option>';
}
?>
</select>
@@ -125,7 +126,8 @@ url_query = '<?php echo $url_query;?>';
</div>
<div style="float:left; padding-left:40px;">
- <?php echo __('X-Axis label:'); ?> <input
style="margin-top:0;" type="text" name="xaxis_label"
value="<?php echo ($yaxis==-1)?__('X Values'):$keys[$yaxis];
?>"><br>
+ <?php echo __('X-Axis label:'); ?> <input
style="margin-top:0;" type="text" name="xaxis_label"
+ value="<?php echo ($yaxis == -1) ? __('X Values') :
$keys[$yaxis]; ?>"><br />
<?php echo __('Y-Axis label:'); ?> <input type="text"
name="yaxis_label" value="<?php echo __('Y Values');
?>">
</div>
<p style="clear:both;"> </p>
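Review bot: The `xaxis_label` input in this hunk still echoes `$keys[$yaxis]` into its `value` attribute without escaping, so the same column name that the first hunk now escapes inside the `<option>` elements is written to the page raw here. Wrap it the same way: `value="<?php echo ($yaxis == -1) ? __('X Values') : htmlspecialchars($keys[$yaxis]); ?>"`. The default `htmlspecialchars()` flags encode the double quote, which is what this double-quoted attribute needs. The translated strings echoed into the neighbouring `value` attributes (`__('X Values')`, `__('Y Values')`) are also unescaped; that is probably lower risk, but escaping them too would stop a quote in a translation from breaking the markup.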
hooks/post-receive
--
phpMyAdmin