The branch, master has been updated via 66c0be92d781cd9f2934de49d2e2bd2d76130eea (commit) via 490d614825be48cca105a0fd70d59bf1085a6b0d (commit) from bf9b723c2bee8fe2d2df523ecd298b94971356e8 (commit)
- Log ----------------------------------------------------------------- commit 66c0be92d781cd9f2934de49d2e2bd2d76130eea Author: Herman van Rink rink@initfour.nl Date: Sat Jul 30 16:24:26 2011 +0200
Possible XSS in chart page
commit 490d614825be48cca105a0fd70d59bf1085a6b0d Author: Herman van Rink rink@initfour.nl Date: Sat Jul 30 14:47:42 2011 +0200
code style cleanup
-----------------------------------------------------------------------
Summary of changes: tbl_chart.php | 24 +++++++++++++----------- 1 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/tbl_chart.php b/tbl_chart.php
index ac4bed8..06b1e71 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -92,30 +92,31 @@ url_query = '<?php echo $url_query;?>';
 </span>
 <br>
 <input type="text" name="chartTitle" value="<?php echo __('Chart title'); ?>">
- <?php $keys = array_keys($data[0]);
- $yaxis=-1;
- if (count($keys)>1) {
+ <?php
+ $keys = array_keys($data[0]);
+ $yaxis = -1;
+ if (count($keys) > 1) {
 echo '<br>';
 echo __('X-Axis:');
 ?>
 <select name="chartXAxis">
 <?php
- foreach ($keys as $idx=>$key) {
- if ($yaxis==-1 && ($idx==count($data[0])-1 || preg_match("/(date|time)/i",$key))) {
- echo '<option value="'.$idx.'" selected>'.$key.'</option>';
+ foreach ($keys as $idx => $key) {
+ if ($yaxis == -1 && (($idx == count($data[0]) - 1) || preg_match("/(date|time)/i", $key))) {
+ echo '<option value="' . htmlspecialchars($idx) . '" selected>' . htmlspecialchars($key) . '</option>';
 $yaxis=$idx;
 } else {
- echo '<option value="'.$idx.'">'.$key.'</option>';
+ echo '<option value="' . htmlspecialchars($idx) . '">' . htmlspecialchars($key) . '</option>';
 }
 }
?>
- </select><br>
+ </select><br />
 <?php echo __('Series:'); ?>
 <select name="chartSeries">
 <option value="columns"><?php echo __('The remaining columns'); ?></option>
 <?php
- foreach ($keys as $idx=>$key) {
- echo '<option>'.$key.'</option>';
+ foreach ($keys as $idx => $key) {
+ echo '<option>' . htmlspecialchars($key) . '</option>';
 }
 ?>
 </select>
@@ -125,7 +126,8 @@ url_query = '<?php echo $url_query;?>';
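Review bot: The new `htmlspecialchars($key)` calls in the chartXAxis and chartSeries option loops rely on the function's default flags and charset, which do not escape single quotes and, on the PHP releases this 2011 code targets, presumably default to ISO-8859-1 rather than the UTF-8 the page emits; pass them explicitly, `htmlspecialchars($key, ENT_QUOTES, 'UTF-8')`, in all three places so the escaping matches the document encoding and stays correct if an attribute is later written with single quotes. `$idx` comes from `array_keys($data[0])` and is an integer offset, so escaping it is harmless, but using the same call form keeps the two outputs consistent. The `if (count($keys) > 1)` block opened in this hunk is closed outside it.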
</div> <div style="float:left; padding-left:40px;"> - <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" type="text" name="xaxis_label" value="<?php echo ($yaxis==-1)?__('X Values'):$keys[$yaxis]; ?>"><br> + <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" type="text" name="xaxis_label" + value="<?php echo ($yaxis == -1) ? __('X Values') : $keys[$yaxis]; ?>"><br /> <?php echo __('Y-Axis label:'); ?> <input type="text" name="yaxis_label" value="<?php echo __('Y Values'); ?>"> </div> <p style="clear:both;"> </p>
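Review bot: The rewritten xaxis_label input still echoes `$keys[$yaxis]` unescaped into its `value` attribute, so this hunk leaves one column-name output without the escaping the first hunk adds for the very same `$keys` array; the second `+` line should read `value="<?php echo ($yaxis == -1) ? __('X Values') : htmlspecialchars($keys[$yaxis], ENT_QUOTES, 'UTF-8'); ?>"><br />`. Since `$yaxis` is only ever set to an index of `$keys` in the first hunk, the ternary's fallback branch does not need escaping, but the column-name branch does. The enclosing form markup starts and ends outside this hunk.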
hooks/post-receive