Securing $misc->href

See http://php.net/manual/en/function.urlencode.php
This is only used in href parameter of A tag and should be escaped
properly.
commit 4d54fca60d869f9706200dfa7b5e502ecd4837f8 1 parent a55f9a7
@ioguix ioguix authored
Showing with 3 additions and 3 deletions.
  1. +3 −3 classes/Misc.php
6 classes/Misc.php
@@ -40,13 +40,13 @@ function getHREF($exclude_from = null) {
if (isset($_REQUEST['server']) && $exclude_from != 'server') {
$href .= 'server=' . urlencode($_REQUEST['server']);
if (isset($_REQUEST['database']) && $exclude_from != 'database') {
- $href .= '&database=' . urlencode($_REQUEST['database']);
+ $href .= '&database=' . urlencode($_REQUEST['database']);
if (isset($_REQUEST['schema']) && $exclude_from != 'schema') {
- $href .= '&schema=' . urlencode($_REQUEST['schema']);
+ $href .= '&schema=' . urlencode($_REQUEST['schema']);
}
}
}
- return $href;
+ return htmlentities($href);
}
/**
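Review bot: At `return htmlentities($href);` the function now hands back an HTML-escaped string, so every caller has to treat the result as ready-to-print attribute content. A caller that escapes it again on output will emit `&amp;amp;`, and one that uses it outside HTML (a redirect header, for example) will get a literal `&amp;` in the URL. The docblock should state that the return value is HTML-escaped, or the escaping should move to the place where the href is written into the A tag. Passing the flags and charset explicitly, e.g. `htmlspecialchars($href, ENT_QUOTES, 'UTF-8')`, would also avoid relying on the PHP version's defaults. The removed and added `&database=` and `&schema=` lines read identically as shown here, so the change on those two lines cannot be checked from this view.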