
Make better use of PMA_generate_common_url to prevent XSS

commit e11e55cb0689b4a6de5f0d996166668a47f96da9 1 parent 9d54e57
helmo authored August 05, 2011

Showing 1 changed file with 8 additions and 4 deletions.

  1. 12  tbl_tracking.php
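--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -382,7 +382,7 @@ function PMA_filter_tracking($data, $filter_ts_from, $filter_ts_to, $filter_user
     <small><?php echo $strTrackingStatements . ' ' . htmlspecialchars($data['tracking']); ?></small><br/>
     <br/>
 
-    <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&amp;report=true&amp;version=<?php echo $_REQUEST['version'];?>">
+    <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
     <?php
 
     $str1 = '<select name="logtype">' .
@@ -500,7 +500,7 @@ function PMA_filter_tracking($data, $filter_ts_from, $filter_ts_to, $filter_user
     }
     ?>
     </form>
-    <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&amp;report=true&amp;version=<?php echo $_REQUEST['version'];?>">
+    <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
     <?php
     printf($strTrackingShowLogDateUsers, $str1, $str2, $str3, $str4, $str5);
 
@@ -513,7 +513,7 @@ function PMA_filter_tracking($data, $filter_ts_from, $filter_ts_to, $filter_user
     $str_export2 = '<input type="submit" name="report_export" value="' . $strGo .'" />';
     ?>
     </form>
-    <form method="post" action="tbl_tracking.php?<?php echo $url_query; ?>&amp;report=true&amp;version=<?php echo $_REQUEST['version'];?>">
+    <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?>">
     <input type="hidden" name="logtype" value="<?php echo htmlspecialchars($_REQUEST['logtype']);?>" />
     <input type="hidden" name="date_from" value="<?php echo htmlspecialchars($_REQUEST['date_from']);?>" />
     <input type="hidden" name="date_to" value="<?php echo htmlspecialchars($_REQUEST['date_to']);?>" />
@@ -622,7 +622,11 @@ function PMA_filter_tracking($data, $filter_ts_from, $filter_ts_to, $filter_user
             <td><?php echo $version['date_created'];?></td>
             <td><?php echo $version['date_updated'];?></td>
             <td><?php echo $version_status;?></td>
-            <td> <a href="tbl_tracking.php?<?php echo $url_query;?>&amp;report=true&amp;version=<?php echo $version['version'];?>"><?php echo $strTrackingReport;?></a> | <a href="tbl_tracking.php?<?php echo $url_query;?>&amp;snapshot=true&amp;version=<?php echo $version['version'];?>"><?php echo $strTrackingStructureSnapshot;?></a></td>
+            <td> <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $version['version'])
+);?>"><?php echo $strTrackingReport;?></a> 
+                | <a href="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('snapshot' => 'true', 'version' => $version['version'])
+);?>"><?php echo $strTrackingStructureSnapshot;?></a>
+            </td>
         </tr>
     <?php
         if ($style == 'even') {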
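Review bot: The array union `$url_params + array('report' => 'true', 'version' => ...)` keeps the left-hand value when a key exists on both sides, so if `$url_params` ever carries a `version`, `report` or `snapshot` key, the per-row value in the links at new lines 625–628 is silently dropped and every row links to the same target. Using `array_merge($url_params, array('report' => 'true', 'version' => $version['version']))` makes the override explicit. The same applies to the three form actions at new lines 385, 503 and 516, which still read `$_REQUEST['version']` directly, so the XSS fix rests entirely on `PMA_generate_common_url` URL-encoding and HTML-escaping its values; its definition is not visible on this page and should be confirmed. The neighbouring cells at lines 622–624 still echo `$version['date_created']`, `$version['date_updated']` and `$version_status` without `htmlspecialchars()`. Those values are presumably server-generated, but escaping them would keep the row consistent with the rest of the change.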
