From e3882844ec985a62ae573bbcf618c08343afc717 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Sat, 22 Sep 2007 18:31:50 +0000
Subject: #i62 - #i65 gone through every javascript invocation and making sure we adhere to our coding guidelines.
git-svn-id: file:///svn/phpbb/trunk@8099 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/adm/swatch.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'phpBB/adm/swatch.php')
diff --git a/phpBB/adm/swatch.php b/phpBB/adm/swatch.php
index 9e537290ff..5a5a4e6d5c 100644
--- a/phpBB/adm/swatch.php
+++ b/phpBB/adm/swatch.php
@@ -29,9 +29,16 @@ $template->set_filenames(array(
 'body' => 'colour_swatch.html')
 );
+$form = request_var('form', '');
+$name = request_var('name', '');
+
+// We validate form and name here, only id/class allowed
+$form = (!preg_match('/^[a-z0-9_-]+$/i', $form)) ? '' : $form;
+$name = (!preg_match('/^[a-z0-9_-]+$/i', $name)) ? '' : $name;
+
 $template->assign_vars(array(
- 'OPENER' => addslashes(request_var('form', '')),
- 'NAME' => request_var('name', ''),
+ 'OPENER' => $form,
+ 'NAME' => $name,
 'T_IMAGES_PATH' => "{$phpbb_root_path}images/",
 'S_USER_LANG' => $user->lang['USER_LANG'],
-- cgit v1.2.1
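Review bot: The `$` anchor in both added `preg_match('/^[a-z0-9_-]+$/i', …)` checks also matches just before a final newline, so a value ending in `\n` passes the whitelist unless `request_var()` already trims its result, which this hunk does not show. The commit subject says these values feed JavaScript invocations, so the end should be anchored strictly with the `D` modifier: `$form = (!preg_match('/^[a-z0-9_-]+$/iD', $form)) ? '' : $form;`, and the same for `$name`. A rejected value silently becomes an empty string, so the comment could be extended to `// We validate form and name here, only id/class allowed; anything else is emptied and the template must cope with an empty OPENER/NAME`. The `assign_vars` call continues past the end of the hunk.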