The branch, master has been updated via 68cb87a81829581e7457c4a8a6fe6b85ef663834 (commit) from 85fc658f3146d245d88d29085f98c62e686eee13 (commit)
- Log ----------------------------------------------------------------- commit 68cb87a81829581e7457c4a8a6fe6b85ef663834 Author: Marc Delisle marc@infomarc.info Date: Fri Sep 9 13:12:24 2011 -0400
Escape HTML in column names and values before json_encode()
-----------------------------------------------------------------------
Summary of changes: tbl_chart.php | 15 +++++++++++++-- 1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/tbl_chart.php b/tbl_chart.php
index 8caa38e..43de351 100644
--- a/tbl_chart.php
+++ b/tbl_chart.php
@@ -130,14 +130,25 @@ url_query = '<?php echo $url_query;?>';
 </div>
 <div style="float:left; padding-left:40px;">
 <?php echo __('X-Axis label:'); ?> <input style="margin-top:0;" type="text" name="xaxis_label"
- value="<?php echo ($yaxis == -1) ? __('X Values') : $keys[$yaxis]; ?>"><br />
+ value="<?php echo ($yaxis == -1) ? __('X Values') : htmlspecialchars($keys[$yaxis]); ?>"><br />
 <?php echo __('Y-Axis label:'); ?> <input type="text" name="yaxis_label" value="<?php echo __('Y Values'); ?>">
 </div>
 <p style="clear:both;"> </p>
 <div id="resizer" style="width:600px; height:400px;">
 <div id="inner-resizer">
 <div id="querychart" style="display:none;">
- <?php echo json_encode($data); ?>
+<?php
+$sanitized_data = array();
+foreach ($data as $data_row_number => $data_row) {
+ $tmp_row = array();
+ foreach ($data_row as $data_column => $data_value) {
+ $tmp_row[htmlspecialchars($data_column)] = htmlspecialchars($data_value);
+ }
+ $sanitized_data[] = $tmp_row;
+}
+echo json_encode($sanitized_data);
+unset($sanitized_data);
+?>
 </div>
 </div>
 </div>
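Review bot: The new `htmlspecialchars($data_value)` and `htmlspecialchars($data_column)` calls in the sanitizing loop, like the `htmlspecialchars($keys[$yaxis])` change earlier in the hunk, rely on PHP's default flags and charset, so single quotes are left unescaped and on older PHP versions the default charset is not UTF-8; pass them explicitly, `htmlspecialchars($data_value, ENT_QUOTES, 'UTF-8')`, at all three sites so the escaping does not depend on the runtime configuration. The loop also coerces SQL NULL values to empty strings before json_encode(), so the chart script can no longer distinguish a missing value from an empty one; if the JavaScript side cares, guard with `$data_value === null ? null : htmlspecialchars($data_value, ENT_QUOTES, 'UTF-8')` or document the coercion in a comment. `$data_row_number` is never read, so `foreach ($data as $data_row)` is enough. The surrounding template continues outside the hunk, so I cannot see how the emitted JSON is consumed on the client.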
hooks/post-receive