Integrated XSS patch for 1.1.7 maintenance branch 1.1.7-maintenance 1.1.7pl1
authorDan Fuhry <dan@enanocms.org>
Thu, 01 Jul 2010 18:24:11 -0400
branch1.1.7-maintenance
changeset 12577365c9bf2106
parent 1190 fa306d7af9ce
child 1317 6012710ae538
Integrated XSS patch for 1.1.7 maintenance branch
plugins/SpecialUserFuncs.php
     1.1 --- a/plugins/SpecialUserFuncs.php	Sat Dec 19 16:06:27 2009 -0500
     1.2 +++ b/plugins/SpecialUserFuncs.php	Thu Jul 01 18:24:11 2010 -0400
     1.3 @@ -1236,13 +1236,13 @@
     1.4                      {
     1.5                        echo ' selected="selected"';
     1.6                      }
     1.7 -                    echo '>' . $t['theme_name'] . '</option>';
     1.8 +                    echo '>' . htmlspecialchars($t['theme_name']) . '</option>';
     1.9                    }
    1.10                  }
    1.11                 ?>
    1.12                </select>
    1.13              </p>
    1.14 -            <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
    1.15 +            <p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
    1.16                 <input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
    1.17            <?php } else { 
    1.18              $theme = $_POST['theme'];
    1.19 @@ -1268,13 +1268,13 @@
    1.20                    } else die($dir.' is not a dir');
    1.21                    foreach ( $list as $l )
    1.22                    {
    1.23 -                    echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
    1.24 +                    echo '<option value="'.$l.'">'.ucfirst($l).'</option>';
    1.25                    }
    1.26                  ?>
    1.27                </select>
    1.28              </p>
    1.29 -            <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
    1.30 -               <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
    1.31 +            <p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
    1.32 +               <input type="hidden" name="theme" value="<?php echo htmlspecialchars($theme); ?>" />
    1.33                 <input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
    1.34            <?php } ?>
    1.35          </form>