author | Nathan Guse <nathaniel.guse@gmail.com> | 2012-12-10 21:16:08 -0600 |
committer | Nathan Guse <nathaniel.guse@gmail.com> | 2012-12-10 21:16:08 -0600 |
commit | 61391f648c95251466f805f148f1656e940f2027 (patch) | |
tree | a03d99c0a6049d5a4e31bfa3f8b06a16b4914dc1 /phpBB | |
parent | 30de17f69f70a0c23fa314de479bac57e3dbae2b (diff) | |
[ticket/11259] htmlspecialchars($phpbb_admin_path)
PHPBB3-11259
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/acp/acp_ranks.php | 14 | ||||
-rw-r--r-- | phpBB/includes/db/dbal.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions_acp.php | 20 | ||||
-rw-r--r-- | phpBB/install/database_update.php | 4 | ||||
-rw-r--r-- | phpBB/install/index.php | 4 |
5 files changed, 22 insertions, 22 deletions
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php index d9ed5b17f1..6b06d03f52 100644 --- a/phpBB/includes/acp/acp_ranks.php +++ b/phpBB/includes/acp/acp_ranks.php @@ -71,7 +71,7 @@ class acp_ranks 'rank_min' => $min_posts, 'rank_image' => htmlspecialchars_decode($rank_image) ); - + if ($rank_id) { $sql = 'UPDATE ' . RANKS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE rank_id = $rank_id"; @@ -122,7 +122,7 @@ class acp_ranks $cache->destroy('_ranks'); add_log('admin', 'LOG_RANK_REMOVED', $rank_title); - + if ($request->is_ajax()) { $json_response = new phpbb_json_response; @@ -151,7 +151,7 @@ class acp_ranks case 'add': $data = $ranks = $existing_imgs = array(); - + $sql = 'SELECT * FROM ' . RANKS_TABLE . ' ORDER BY rank_min ASC, rank_special ASC'; @@ -209,17 +209,17 @@ class acp_ranks 'RANK_TITLE' => (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '', 'S_FILENAME_LIST' => $filename_list, - 'RANK_IMAGE' => ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : $phpbb_admin_path . 'images/spacer.gif', + 'RANK_IMAGE' => ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path) . 'images/spacer.gif', 'S_SPECIAL_RANK' => (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false, 'MIN_POSTS' => (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0) ); - + return; break; } - + $template->assign_vars(array( 'U_ACTION' => $this->u_action) ); @@ -241,7 +241,7 @@ class acp_ranks 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['rank_id'], 'U_DELETE' => $this->u_action . '&action=delete&id=' . $row['rank_id']) - ); + ); } $db->sql_freeresult($result); diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index c2708b09b2..c6a3638f9f 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php 
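Review bot: In the `@@ -209` hunk only the fallback branch of the `RANK_IMAGE` ternary is escaped; when `$edit_img` is set the same template variable receives `$phpbb_root_path . $config['ranks_path'] . '/' . $edit_img` with no `htmlspecialchars()` at all, so one value now carries two different escaping guarantees depending on which branch runs. `$phpbb_root_path` is the same kind of path prefix as `$phpbb_admin_path`, and if `$edit_img` is the stored `rank_image`, the `@@ -71` hunk shows that column is written through `htmlspecialchars_decode()`, i.e. the raw value comes back. Unless the template layer escapes `RANK_IMAGE` itself (not visible here), escape the whole expression once: `'RANK_IMAGE' => htmlspecialchars(($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : $phpbb_admin_path . 'images/spacer.gif'),`. The enclosing method of `acp_ranks` begins and ends outside the hunk; the remaining hunks in this file are whitespace-only.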
@@ -852,7 +852,7 @@ class dbal
 <head>
 <meta charset="utf-8">
 <title>SQL Report</title>
- <link href="' . $phpbb_admin_path . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />
+ <link href="' . htmlspecialchars($phpbb_admin_path) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />
 </head>
 <body id="errorpage">
 <div id="wrap">
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index 2f3fd7bac0..32fd76e74d 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -82,16 +82,16 @@ function adm_page_header($page_title)
 'T_RANKS_PATH' => "{$phpbb_root_path}{$config['ranks_path']}/",
 'T_UPLOAD_PATH' => "{$phpbb_root_path}{$config['upload_path']}/",
- 'ICON_MOVE_UP' => '<img src="' . $phpbb_admin_path . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
- 'ICON_MOVE_UP_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
- 'ICON_MOVE_DOWN' => '<img src="' . $phpbb_admin_path . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
- 'ICON_MOVE_DOWN_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
- 'ICON_EDIT' => '<img src="' . $phpbb_admin_path . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
- 'ICON_EDIT_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
- 'ICON_DELETE' => '<img src="' . $phpbb_admin_path . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
- 'ICON_DELETE_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
- 'ICON_SYNC' => '<img src="' . $phpbb_admin_path . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
- 'ICON_SYNC_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+ 'ICON_MOVE_UP' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . 
$user->lang['MOVE_UP'] . '" />',
+ 'ICON_MOVE_UP_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
+ 'ICON_MOVE_DOWN' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
+ 'ICON_MOVE_DOWN_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
+ 'ICON_EDIT' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
+ 'ICON_EDIT_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
+ 'ICON_DELETE' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
+ 'ICON_DELETE_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
+ 'ICON_SYNC' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+ 'ICON_SYNC_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
 'S_USER_LANG' => $user->lang['USER_LANG'],
 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'],
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 1600b7bd10..7795f8d7f7 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
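Review bot: The `htmlspecialchars($phpbb_admin_path)` call is now repeated verbatim on all ten `ICON_*` entries, which is the same copy-per-site pattern that left these sites unescaped in the first place; computing it once above the array, `$admin_path_html = htmlspecialchars($phpbb_admin_path);`, and using that local in each `src` keeps the escaping decision in one place and makes a missed entry stand out in review. The `alt` and `title` halves of the same `<img>` tags still interpolate `$user->lang[...]` unescaped; that is presumably trusted language-pack text, but a one-line comment such as `// lang strings are trusted; only the path is escaped` would stop the next reader from wondering why half of each tag is escaped and half is not. Every site here is a double-quoted attribute, so the default `ENT_COMPAT` flags suffice; if a single-quoted attribute is ever added alongside, `ENT_QUOTES` would be needed. `adm_page_header` starts before the hunk and continues after it.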
@@ -236,7 +236,7 @@ if ($has_global && !$ga_forum_id)
 <title><?php echo $lang['UPDATING_TO_LATEST_STABLE']; ?></title>
- <link href="<?php echo $phpbb_admin_path; ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" />
+ <link href="<?php echo htmlspecialchars($phpbb_admin_path); ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" />
 </head>
@@ -286,7 +286,7 @@ header('Content-type: text/html; charset=UTF-8');
 <title><?php echo $lang['UPDATING_TO_LATEST_STABLE']; ?></title>
-<link href="<?php echo $phpbb_admin_path; ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" />
+<link href="<?php echo htmlspecialchars($phpbb_admin_path); ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" />
 </head>
diff --git a/phpBB/install/index.php b/phpBB/install/index.php
index 69e9e7de42..643695ee2b 100644
--- a/phpBB/install/index.php
+++ b/phpBB/install/index.php
@@ -374,7 +374,7 @@ class module
 'L_SELECT_LANG' => $lang['SELECT_LANG'],
 'L_SKIP' => $lang['SKIP'],
 'PAGE_TITLE' => $this->get_page_title(),
- 'T_IMAGE_PATH' => $phpbb_admin_path . 'images/',
+ 'T_IMAGE_PATH' => htmlspecialchars($phpbb_admin_path) . 'images/',
 'S_CONTENT_DIRECTION' => $lang['DIRECTION'],
 'S_CONTENT_FLOW_BEGIN' => ($lang['DIRECTION'] == 'ltr') ? 'left' : 'right',
@@ -577,7 +577,7 @@ class module
 echo '<head>';
 echo '<meta charset="utf-8">';
 echo '<title>' . $lang['INST_ERR_FATAL'] . '</title>';
- echo '<link href="' . $phpbb_admin_path . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />';
+ echo '<link href="' . htmlspecialchars($phpbb_admin_path) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />';
 echo '</head>';
 echo '<body id="errorpage">';
 echo '<div id="wrap">'; |