bug 2612 fixed: sanitize $_GET['installstatus'] before display for

themes/languages/plugins installation git-svn-id: http://piwigo.org/svn/branches/2.3@13961 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-05-06 05:22:37 +02:00 · 2012-04-07 21:12:25 +00:00
parent e40bcacc3e
commit 237ce065b9
3 changed files with 5 additions and 4 deletions
--- a/admin/languages_new.php
+++ b/admin/languages_new.php
@@ -97,8 +97,9 @@ if (isset($_GET['installstatus']))
      break;

    default:
-      array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+      array_push(
+        $page['errors'],
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
      );
  }  
 }
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -76,7 +76,7 @@ if (isset($_GET['installstatus']))

    default:
      array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
        l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
  }  
 }
--- a/admin/themes_new.php
+++ b/admin/themes_new.php
@@ -102,7 +102,7 @@ if (isset($_GET['installstatus']))
    default:
      array_push(
        $page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
        );
  }  
 }