From: Michael Ang
Date: Wed, 23 Sep 2009 02:29:19 +0000 (+0000)
Subject: Escape input params. Tweak conditional print.
X-Git-Url: http://git.rot13.org/?a=commitdiff_plain;h=31cb122fd7228682d9dd1c3bc21f2dd3d4fb5e0a;p=bookreader.git
Escape input params. Tweak conditional print.
---
diff --git a/GnuBookIA/www/print.php b/GnuBookIA/www/print.php
index a06037c..52cbd0c 100644
--- a/GnuBookIA/www/print.php
+++ b/GnuBookIA/www/print.php
@@ -72,7 +72,8 @@ function imageURL($paperAspect, $index, $format, $width, $height) {
'scale' => 1
);
- return "";
+ $_server = htmlspecialchars($server);
+ return "";
}
echo "";
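Review bot: The added `htmlspecialchars($server)` relies on the default flags, which before PHP 8.1 leave single quotes unescaped, so the value is only safe if the returned markup (not visible in this hunk) puts it in a double-quoted attribute. Making the call explicit removes that dependency: `$_server = htmlspecialchars($server, ENT_QUOTES, 'UTF-8');`, and the same form would fit `htmlspecialchars($title)` in the second hunk for consistency. HTML escaping also does not constrain which host the value names; if `$server` comes from the request, as the commit subject suggests, it should additionally be validated against the expected server name pattern before it is used to build the image URL. imageURL's body starts outside the hunk, so whether `$server` is brought into scope with `global` and how the other parameters are encoded cannot be confirmed from here.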
@@ -87,9 +88,9 @@ echo " if (agent.indexOf('safari') != -1) { doPrint = false; }";
echo " if (doPrint) { print(); }";
echo " }";
echo "";
-echo "" . $title . "";
+echo "" . htmlspecialchars($title) . "";
echo "";
-echo " Print
";
+echo " Print
";
echo "";
echo imageURL($paperAspect, $index, $format, $width, $height);
echo "
";