The branch, master has been updated via 66c0be92d781cd9f2934de49d2e2bd2d76130eea (commit) via 490d614825be48cca105a0fd70d59bf1085a6b0d (commit) from bf9b723c2bee8fe2d2df523ecd298b94971356e8 (commit) - Log ----------------------------------------------------------------- commit 66c0be92d781cd9f2934de49d2e2bd2d76130eea Author: Herman van Rink &lt;rink(a)initfour.nl&gt; Date: Sat Jul 30 16:24:26 2011 +0200 Possible XSS in chart page commit 490d614825be48cca105a0fd70d59bf1085a6b0d Author: Herman van Rink &lt;rink(a)initfour.nl&gt; Date: Sat Jul 30 14:47:42 2011 +0200 code style cleanup ----------------------------------------------------------------------- Summary of changes: tbl_chart.php | 24 +++++++++++++----------- 1 files changed, 13 insertions(+), 11 deletions(-) diff --git a/tbl_chart.php b/tbl_chart.php index ac4bed8..06b1e71 100644 --- a/tbl_chart.php +++ b/tbl_chart.php @@ -92,30 +92,31 @@ url_query = '<?php echo $url_query;?>'; </span> <br> <input type="text" name="chartTitle" value="<?php echo __('Chart title'); ?>"> - <?php $keys = array_keys($data[0]); - $yaxis=-1; - if (count($keys)>1) { + <?php + $keys = array_keys($data[0]); + $yaxis = -1; + if (count($keys) > 1) { echo '<br>'; echo __('X-Axis:'); ?> <select name="chartXAxis"> <?php - foreach ($keys as $idx=>$key) { - if ($yaxis==-1 && ($idx==count($data[0])-1 || preg_match("/(date|time)/i",$key))) { - echo '<option value="'.$idx.'" selected>'.$key.'</option>'; + foreach ($keys as $idx => $key) { + if ($yaxis == -1 && (($idx == count($data[0]) - 1) || preg_match("/(date|time)/i", $key))) { + echo '<option value="' . htmlspecialchars($idx) . '" selected>' . htmlspecialchars($key) . '</option>'; $yaxis=$idx; } else { - echo '<option value="'.$idx.'">'.$key.'</option>'; + echo '<option value="' . htmlspecialchars($idx) . '">' . htmlspecialchars($key) . '</option>'; } } ?> - </select><br> + </select><br /> <?php echo __('Series:'); ?> <select name="chartSeries"> <option value="columns"><?php echo __('The remaining columns'); ?></option> <?php - foreach ($keys as $idx=>$key) { - echo '<option>'.$key.'</option>'; + foreach ($keys as $idx => $key) { + echo '<option>' . htmlspecialchars($key) . '</option>'; } ?> </select> @@ -125,7 +126,8 @@ url_query = '<?php echo $url_query;?>'; </div> <div style="float:left; padding-left:40px;"> - <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" type="text" name="xaxis_label" value="<?php echo ($yaxis==-1)?__('X Values'):$keys[$yaxis]; ?>"><br> + <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" type="text" name="xaxis_label" + value="<?php echo ($yaxis == -1) ? __('X Values') : $keys[$yaxis]; ?>"><br /> <?php echo __('Y-Axis label:'); ?> <input type="text" name="yaxis_label" value="<?php echo __('Y Values'); ?>"> </div> <p style="clear:both;">&nbsp;</p> hooks/post-receive -- phpMyAdmin