[ticket/11259] htmlspecialchars($phpbb_admin_path)

PHPBB3-11259
Nathan Guse 2012-12-10 21:16:08 -06:00
parent 30de17f69f
commit 61391f648c
5 changed files with 22 additions and 22 deletions


@ -71,7 +71,7 @@ class acp_ranks
'rank_min' => $min_posts, 'rank_min' => $min_posts,
'rank_image' => htmlspecialchars_decode($rank_image) 'rank_image' => htmlspecialchars_decode($rank_image)
); );
if ($rank_id) if ($rank_id)
{ {
$sql = 'UPDATE ' . RANKS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE rank_id = $rank_id"; $sql = 'UPDATE ' . RANKS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE rank_id = $rank_id";
@ -122,7 +122,7 @@ class acp_ranks
$cache->destroy('_ranks'); $cache->destroy('_ranks');
add_log('admin', 'LOG_RANK_REMOVED', $rank_title); add_log('admin', 'LOG_RANK_REMOVED', $rank_title);
if ($request->is_ajax()) if ($request->is_ajax())
{ {
$json_response = new phpbb_json_response; $json_response = new phpbb_json_response;
@ -151,7 +151,7 @@ class acp_ranks
case 'add': case 'add':
$data = $ranks = $existing_imgs = array(); $data = $ranks = $existing_imgs = array();
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . RANKS_TABLE . ' FROM ' . RANKS_TABLE . '
ORDER BY rank_min ASC, rank_special ASC'; ORDER BY rank_min ASC, rank_special ASC';
@ -209,17 +209,17 @@ class acp_ranks
'RANK_TITLE' => (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '', 'RANK_TITLE' => (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
'S_FILENAME_LIST' => $filename_list, 'S_FILENAME_LIST' => $filename_list,
'RANK_IMAGE' => ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : $phpbb_admin_path . 'images/spacer.gif', 'RANK_IMAGE' => ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path) . 'images/spacer.gif',
'S_SPECIAL_RANK' => (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false, 'S_SPECIAL_RANK' => (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
'MIN_POSTS' => (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0) 'MIN_POSTS' => (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0)
); );
return; return;
break; break;
} }
$template->assign_vars(array( $template->assign_vars(array(
'U_ACTION' => $this->u_action) 'U_ACTION' => $this->u_action)
); );
@ -241,7 +241,7 @@ class acp_ranks
'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['rank_id'], 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['rank_id'],
'U_DELETE' => $this->u_action . '&action=delete&id=' . $row['rank_id']) 'U_DELETE' => $this->u_action . '&action=delete&id=' . $row['rank_id'])
); );
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
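Review bot: In the RANK_IMAGE entry of the 209 hunk only the spacer fallback is entity-encoded, while the other branch of the same ternary still concatenates `$phpbb_root_path`, `$config['ranks_path']` and `$edit_img` raw into the same template variable, which presumably lands in an img src attribute. If those three are guaranteed safe (the config path validated when it was saved, `$edit_img` already encoded when stored), a one-line comment saying so would stop the next reader from asking; if not, encode the whole expression once, e.g. `'RANK_IMAGE' => htmlspecialchars(($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : $phpbb_admin_path . 'images/spacer.gif'),`, after confirming `$edit_img` is not already encoded, or it would be double-encoded. The 71, 122, 151 and 241 hunks show no visible textual difference on this page, presumably whitespace-only changes lost in rendering. All of these hunks sit inside a method of acp_ranks whose start and end lie outside the hunks.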


@ -852,7 +852,7 @@ class dbal
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<title>SQL Report</title> <title>SQL Report</title>
<link href="' . $phpbb_admin_path . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" /> <link href="' . htmlspecialchars($phpbb_admin_path) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />
</head> </head>
<body id="errorpage"> <body id="errorpage">
<div id="wrap"> <div id="wrap">
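Review bot: Entity-encoding `$phpbb_admin_path` in the stylesheet `href` stops the value from breaking out of the attribute, but it does not stop an attacker-chosen path from being loaded as the page's stylesheet if the variable can be derived from the request; where `$phpbb_admin_path` is computed is not visible here, so this is a question rather than a finding. If it can carry request-derived components, the stronger fix is to validate it where it is set (a relative path of plain segments) and keep the encoding here as defence in depth; if it is purely code-controlled, a short comment at the assignment saying so would justify why encoding alone suffices. The enclosing dbal method starts and ends outside the hunk.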


@ -82,16 +82,16 @@ function adm_page_header($page_title)
'T_RANKS_PATH' => "{$phpbb_root_path}{$config['ranks_path']}/", 'T_RANKS_PATH' => "{$phpbb_root_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$phpbb_root_path}{$config['upload_path']}/", 'T_UPLOAD_PATH' => "{$phpbb_root_path}{$config['upload_path']}/",
'ICON_MOVE_UP' => '<img src="' . $phpbb_admin_path . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />', 'ICON_MOVE_UP' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
'ICON_MOVE_UP_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />', 'ICON_MOVE_UP_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
'ICON_MOVE_DOWN' => '<img src="' . $phpbb_admin_path . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />', 'ICON_MOVE_DOWN' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
'ICON_MOVE_DOWN_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />', 'ICON_MOVE_DOWN_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
'ICON_EDIT' => '<img src="' . $phpbb_admin_path . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />', 'ICON_EDIT' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
'ICON_EDIT_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />', 'ICON_EDIT_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
'ICON_DELETE' => '<img src="' . $phpbb_admin_path . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />', 'ICON_DELETE' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
'ICON_DELETE_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />', 'ICON_DELETE_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
'ICON_SYNC' => '<img src="' . $phpbb_admin_path . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />', 'ICON_SYNC' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
'ICON_SYNC_DISABLED' => '<img src="' . $phpbb_admin_path . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />', 'ICON_SYNC_DISABLED' => '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
'S_USER_LANG' => $user->lang['USER_LANG'], 'S_USER_LANG' => $user->lang['USER_LANG'],
'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'], 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'],
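Review bot: The ten ICON_* entries each call `htmlspecialchars($phpbb_admin_path)` on the same value; computing it once before the `assign_vars` call, `$admin_path_html = htmlspecialchars($phpbb_admin_path);`, and using `$admin_path_html` in the ten `<img src>` strings keeps the escaping in one place and makes a later change of flags a one-line edit. T_RANKS_PATH and T_UPLOAD_PATH just above are built from `$phpbb_root_path` and config values and are left raw; if `$phpbb_admin_path` needs encoding because it can carry request-derived characters, the same question applies to `$phpbb_root_path`, which cannot be settled from this hunk. adm_page_header starts and ends outside the hunk.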


@ -236,7 +236,7 @@ if ($has_global && !$ga_forum_id)
<title><?php echo $lang['UPDATING_TO_LATEST_STABLE']; ?></title> <title><?php echo $lang['UPDATING_TO_LATEST_STABLE']; ?></title>
<link href="<?php echo $phpbb_admin_path; ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" /> <link href="<?php echo htmlspecialchars($phpbb_admin_path); ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" />
</head> </head>
@ -286,7 +286,7 @@ header('Content-type: text/html; charset=UTF-8');
<title><?php echo $lang['UPDATING_TO_LATEST_STABLE']; ?></title> <title><?php echo $lang['UPDATING_TO_LATEST_STABLE']; ?></title>
<link href="<?php echo $phpbb_admin_path; ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" /> <link href="<?php echo htmlspecialchars($phpbb_admin_path); ?>style/admin.css" rel="stylesheet" type="text/css" media="screen" />
</head> </head>
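Review bot: The same `<link>` line is patched identically in both hunks (around lines 239 and 289 of the file), and the surrounding `<title>` and `</head>` markup is repeated verbatim as well; emitting that head from one small function would have made this a single-site fix and keeps the two copies from drifting when the next escaping or charset change comes. Both hunks are HTML fragments inside PHP control structures that begin and end outside the hunks, so where such a helper belongs cannot be decided from here.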


@ -374,7 +374,7 @@ class module
'L_SELECT_LANG' => $lang['SELECT_LANG'], 'L_SELECT_LANG' => $lang['SELECT_LANG'],
'L_SKIP' => $lang['SKIP'], 'L_SKIP' => $lang['SKIP'],
'PAGE_TITLE' => $this->get_page_title(), 'PAGE_TITLE' => $this->get_page_title(),
'T_IMAGE_PATH' => $phpbb_admin_path . 'images/', 'T_IMAGE_PATH' => htmlspecialchars($phpbb_admin_path) . 'images/',
'S_CONTENT_DIRECTION' => $lang['DIRECTION'], 'S_CONTENT_DIRECTION' => $lang['DIRECTION'],
'S_CONTENT_FLOW_BEGIN' => ($lang['DIRECTION'] == 'ltr') ? 'left' : 'right', 'S_CONTENT_FLOW_BEGIN' => ($lang['DIRECTION'] == 'ltr') ? 'left' : 'right',
@ -577,7 +577,7 @@ class module
echo '<head>'; echo '<head>';
echo '<meta charset="utf-8">'; echo '<meta charset="utf-8">';
echo '<title>' . $lang['INST_ERR_FATAL'] . '</title>'; echo '<title>' . $lang['INST_ERR_FATAL'] . '</title>';
echo '<link href="' . $phpbb_admin_path . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />'; echo '<link href="' . htmlspecialchars($phpbb_admin_path) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />';
echo '</head>'; echo '</head>';
echo '<body id="errorpage">'; echo '<body id="errorpage">';
echo '<div id="wrap">'; echo '<div id="wrap">';
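Review bot: The fatal-error head echoed in the 577 hunk is the same `<head>` markup (utf-8 meta, title, admin.css link) that dbal's SQL report page in this commit also emits, and both now need the same `htmlspecialchars($phpbb_admin_path)` call; a shared helper taking the title and returning the head would leave one copy to maintain. For `T_IMAGE_PATH` in the 374 hunk the encoded value is stored in a template variable, which is right for `src`/`href` attribute use but would double-encode if a template ever passed it through an escaping filter or emitted it inside a script block, presumably not the case here. Both hunks sit inside methods of `module` whose start and end are outside the hunks.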