Fixed minor (non-XSS) sanitization issue for main_page field in Admin:GeneralConfig
authorDan
Sat, 23 Aug 2008 16:03:13 -0400
changeset 703 e492511e31ea
parent 702 15cd41fd8a05
child 704 077887be639d
Fixed minor (non-XSS) sanitization issue for main_page field in Admin:GeneralConfig
plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php	Sat Aug 23 16:02:07 2008 -0400
+++ b/plugins/SpecialAdmin.php	Sat Aug 23 16:03:13 2008 -0400
@@ -403,7 +403,7 @@
       
       <tr><td class="row1" style="width: 50%;"><?php echo $lang->get('acpgc_field_site_name'); ?></td>  <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
       <tr><td class="row2"><?php echo $lang->get('acpgc_field_site_desc'); ?></td>               <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
-      <tr><td class="row1"><?php echo $lang->get('acpgc_field_main_page'); ?></td>                      <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
+      <tr><td class="row1"><?php echo $lang->get('acpgc_field_main_page'); ?></td>                      <td class="row1"><?php echo $template->pagename_field('main_page', sanitize_page_id(getConfig('main_page'))); ?></td></tr>
       <tr><td class="row2"><?php echo $lang->get('acpgc_field_copyright'); ?></td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
       <tr><td class="row1" colspan="2"><?php echo $lang->get('acpgc_field_copyright_hint'); ?></td></tr>
       <tr><td class="row2"><?php echo $lang->get('acpgc_field_contactemail'); ?><br /><small><?php echo $lang->get('acpgc_field_contactemail_hint'); ?></small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
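Review bot: The new line on the `main_page` row drops the explicit `htmlspecialchars()` that the removed line had, so HTML escaping of the config value now depends entirely on what `$template->pagename_field()` and `sanitize_page_id()` do internally, and neither is visible in this hunk. If `sanitize_page_id()` only normalises the page identifier rather than escaping it for the output context, the value still reaches markup unescaped at this call site; if `pagename_field()` escapes its second argument itself, that should be stated so the next reader does not re-wrap it. Either confirm and add a comment such as `<?php /* pagename_field() escapes its value for HTML; pass the raw page id */ ?>` above the row, or keep the escaping explicit here with `$template->pagename_field('main_page', htmlspecialchars(sanitize_page_id(getConfig('main_page'))))`. Note also that the removed line displayed the page name with underscores replaced by spaces, whereas the new one presumably shows the raw page id form, which may be a deliberate display change but is not mentioned in the commit message. The enclosing template/function starts and ends outside this hunk.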