merge r13961 from branch 2.3 to trunk

bug 2612 fixed: sanitize $_GET['installstatus'] before display for themes/languages/plugins installation git-svn-id: http://piwigo.org/svn/trunk@13962 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-03-28 17:42:57 +01:00 · 2012-04-07 21:16:02 +00:00
parent 641e6a294b
commit 59e2298b85
3 changed files with 5 additions and 4 deletions
--- a/admin/languages_new.php
+++ b/admin/languages_new.php
@@ -97,8 +97,9 @@ if (isset($_GET['installstatus']))
      break;

    default:
-      array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+      array_push(
+        $page['errors'],
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
      );
  }  
 }
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -76,7 +76,7 @@ if (isset($_GET['installstatus']))

    default:
      array_push($page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus']),
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus'])),
        l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
  }  
 }
--- a/admin/themes_new.php
+++ b/admin/themes_new.php
@@ -102,7 +102,7 @@ if (isset($_GET['installstatus']))
    default:
      array_push(
        $page['errors'],
-        sprintf(l10n('An error occured during extraction (%s).'), $_GET['installstatus'])
+        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($_GET['installstatus']))
        );
  }  
 }