[Phpmyadmin-devel] Re: [Phpmyadmin-cvs] CVS: phpMyAdmin/test theme.php,NONE,1.1
Garvin Hicking
phpmyadmin at supergarv.de
Tue Nov 22 01:17:02 CET 2005
Hi Sebastian!
I'm not up to date on recent code, but are these:
> $lang_iso_code = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
>
> // start output
> header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
> ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml"
> xml:lang="<?php echo $lang_iso_code; ?>"
> lang="<?php echo $lang_iso_code; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>">
> <head>
> <title>phpMyAdmin <?php echo PMA_VERSION; ?> - <?php echo $HTTP_HOST; ?> - Theme
> Test</title>
Checked against XSS attacks? At least I saw Michal's commit about the $HTTP_HOST
variable to be wrapped within htmlspecialchars() -- and does the 'charset'
variable now get escaped for being passed to header()? I thought we would rather
use a PMA_header() function or so?
Best regards,
Garvin
--
Garvin Hicking | Web-Entwickler | Make me happy:
www.supergarv.de | #ICQ 21392242 | http://wishes.garv.info/
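
The two checks asked about in this message, as an added example that is not part of the original post or of phpMyAdmin's code: HTML-escaping the host and language values, and validating the charset before it reaches header(). The function names (`safe_charset`, `esc`, `theme_test_head`) and the sample input are hypothetical.

```php
<?php
// Added example; function names and sample values are hypothetical,
// not taken from phpMyAdmin.

// Accept only a plain charset token; anything else (CR/LF, ';', spaces,
// markup) falls back to a known value so it cannot alter the header.
function safe_charset(string $charset, string $fallback = 'utf-8'): string
{
    $ok = preg_match('/\A[A-Za-z0-9][A-Za-z0-9._:+-]{0,39}\z/', $charset);
    return $ok === 1 ? $charset : $fallback;
}

// Escape a value for use in HTML text or a double-quoted attribute.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the Content-Type line and page head from untrusted inputs.
function theme_test_head(array $in): array
{
    $dir = $in['text_dir'] === 'rtl' ? 'rtl' : 'ltr'; // allowlist, no escaping needed
    $header = 'Content-Type: text/html; charset=' . safe_charset($in['charset']);
    $html = '<html xmlns="http://www.w3.org/1999/xhtml"'
          . ' xml:lang="' . esc($in['lang']) . '"'
          . ' lang="' . esc($in['lang']) . '" dir="' . $dir . '">' . "\n"
          . '<head><title>phpMyAdmin - ' . esc($in['host'])
          . ' - Theme Test</title></head>';
    return [$header, $html];
}

// Constructed sample input: a hostile Host value and charset value.
$sample = [
    'host'     => 'db.example.test"><script>alert(1)</script>',
    'charset'  => "utf-8\r\nX-Injected: 1",
    'lang'     => 'en',
    'text_dir' => 'ltr',
];
[$header, $html] = theme_test_head($sample);
header($header);   // one header line; the charset fell back to utf-8
echo $html, "\n";  // the host appears as inert text in <title>
```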