
Securing $misc->href

See http://php.net/manual/en/function.urlencode.php
This is only used in the href attribute of an A tag and should be escaped
properly.
ioguix committed Dec 16, 2011
1 parent a55f9a7 commit 4d54fca60d869f9706200dfa7b5e502ecd4837f8
Showing with 3 additions and 3 deletions.
  1. +3 −3 classes/Misc.php
@@ -40,13 +40,13 @@ function getHREF($exclude_from = null) {
if (isset($_REQUEST['server']) && $exclude_from != 'server') {
$href .= 'server=' . urlencode($_REQUEST['server']);
if (isset($_REQUEST['database']) && $exclude_from != 'database') {
- $href .= '&database=' . urlencode($_REQUEST['database']);
+ $href .= '&database=' . urlencode($_REQUEST['database']);
if (isset($_REQUEST['schema']) && $exclude_from != 'schema') {
- $href .= '&schema=' . urlencode($_REQUEST['schema']);
+ $href .= '&schema=' . urlencode($_REQUEST['schema']);
}
}
}
- return $href;
+ return htmlentities($href);
}
/**
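Review bot: The new `return htmlentities($href);` relies on the function's default flags and charset, which vary by PHP version and on older releases leave single quotes unescaped; since the value is destined for an `href` attribute, state the context explicitly with `return htmlspecialchars($href, ENT_QUOTES, 'UTF-8');`. Escaping inside getHREF also means every caller now receives HTML-encoded text, so any use outside an attribute value (a redirect header, a JavaScript string, or a template that escapes its output again) would end up with a literal `&amp;` in the URL. A docblock line such as `@return string HTML-escaped query string, for use in HTML attribute values only` would make that contract visible. The start of getHREF, where `$href` is initialised, lies outside the hunk, so whether anything unencoded is appended before these lines cannot be confirmed from here.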
