Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1739

Timestamp:

11/27/06 19:58:53 (6 years ago)

Author:

nahuel

Message:

Correction de l'affichage des noms de fichiers/repertoires qui permettait d'executer du code Javascript dans le brouteur

File:

: 1 edited

alternc/trunk/bureau/admin/bro_main.php (modified) (12 diffs)

Legend:

: Unmodified
: Added
: Removed

alternc/trunk/bureau/admin/bro_main.php

-                      r1721
+                      r1739
 echo "<td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
 echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td>";
 echo "<td>".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d H:i:s",$c[$i]["date"]))."<br /></td>";
 …
 echo "<td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
 echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td>";
 echo "<td>".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d h:i:s",$c[$i]["date"]))."<br /></td>";
 …
 echo "  <td width=\"28\"><input type=\"checkbox\" class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\" /></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
 echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
 echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
 echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
 echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
 echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
 echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
 echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
 echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\" name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><a href=\"";
 echo "bro_editor.php?file=".urlencode($c[$i]["name"])."&amp;R=".urlencode($R);
 echo "\">".$c[$i]["name"]."</a></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."</a></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 $vu=$bro->viewurl($R,$c[$i]["name"]);
 …
 echo "  <td width=\"28\"><input TYPE=checkbox class=\"inc\"  name=\"d[]\" value=\"".$c[$i]["name"]."\"></td><td><b><a href=\"";
 echo "bro_main.php?R=".urlencode($R."/".$c[$i]["name"]);
 echo "\">".$c[$i]["name"]."/</a></b></td>\n";
+echo "\">".htmlentities($c[$i]["name"])."/</a></b></td>\n";
 echo "  <td>".format_size($c[$i]["size"])."</td><td>";
 echo "&nbsp;";

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1739

Legend:

alternc/trunk/bureau/admin/bro_main.php

Download in other formats: