add missing string escapes

don't create <a> tag if LeftLogoLink is empty
NenadGajic · Jul 14, 2010 · 60285cd · 60285cd
1 parent 030abc5
commit 60285cd
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 16 deletions.
diff --git a/libraries/header_scripts.inc.php b/libraries/header_scripts.inc.php
@@ -82,7 +82,7 @@
 // Updates the title of the frameset if possible (ns4 does not allow this)
 if (typeof(parent.document) != 'undefined' && typeof(parent.document) != 'unknown'
     && typeof(parent.document.title) == 'string') {
-    parent.document.title = '<?php echo PMA_sanitize(PMA_escapeJsString($title)); ?>';
+    parent.document.title = '<?php echo PMA_sanitize(PMA_escapeJsString(htmlspecialchars($title))); ?>';
 }
 
 <?php

diff --git a/libraries/navigation_header.inc.php b/libraries/navigation_header.inc.php
@@ -30,22 +30,26 @@
             .'alt="' . $logo . '" id="imgpmalogo" />';
     }
 
-    echo '<div id="pmalogo">' . "\n"
-        .'<a href="' . $GLOBALS['cfg']['LeftLogoLink'];
-    switch ($GLOBALS['cfg']['LeftLogoLinkWindow']) {
-        case 'new':
-            echo '" target="_blank"';
-            break;
-        case 'main':
-            // do not add our parameters for an external link
-            if (substr(strtolower($GLOBALS['cfg']['LeftLogoLink']), 0, 4) !== 'http') {
-                echo '?' . $query_url . '" target="frame_content"';
-            } else {
-                echo '"';
-            }
+    echo '<div id="pmalogo">' . "\n";
+    if ($GLOBALS['cfg']['LeftLogoLink']) {
+        echo '<a href="' . htmlspecialchars($GLOBALS['cfg']['LeftLogoLink']);
+        switch ($GLOBALS['cfg']['LeftLogoLinkWindow']) {
+            case 'new':
+                echo '" target="_blank"';
+                break;
+            case 'main':
+                // do not add our parameters for an external link
+                if (substr(strtolower($GLOBALS['cfg']['LeftLogoLink']), 0, 4) !== '://') {
+                    echo '?' . $query_url . '" target="frame_content"';
+                } else {
+                    echo '" target="_blank"';
+                }
+        }
+        echo '>' . $logo . '</a>' . "\n";
+    } else {
+        echo $logo . "\n";
     }
-    echo '>' . $logo . '</a>' . "\n"
-        .'</div>' . "\n";
+    echo '</div>' . "\n";
 } // end of display logo
 ?>
 <div id="leftframelinks">