From 75eed8e9aa2d2dfc80c0d23997a908e3eba4f3ea Mon Sep 17 00:00:00 2001
From: =?utf8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Mon, 15 Aug 2011 17:47:46 +0200
Subject: [PATCH] Escape html tags

---
 server_status.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/server_status.php b/server_status.php
index fdc2abd0a3..51d08e06b4 100644
--- a/server_status.php
+++ b/server_status.php
@@ -1383,15 +1383,15 @@ function printVariablesTable()
                 }
             }
             if ('%' === substr($name, -1, 1)) {
-                echo PMA_formatNumber($value, 0, 2) . ' %';
+                echo htmlspecialchars(PMA_formatNumber($value, 0, 2)) . ' %';
             } elseif (strpos($name, 'Uptime')!==FALSE) {
-                echo PMA_timespanFormat($value);
+                echo htmlspecialchars(PMA_timespanFormat($value));
             } elseif (is_numeric($value) && $value == (int) $value && $value > 1000) {
-                echo PMA_formatNumber($value, 3, 1);
+                echo htmlspecialchars(PMA_formatNumber($value, 3, 1));
             } elseif (is_numeric($value) && $value == (int) $value) {
-                echo PMA_formatNumber($value, 3, 0);
+                echo htmlspecialchars(PMA_formatNumber($value, 3, 0));
             } elseif (is_numeric($value)) {
-                echo PMA_formatNumber($value, 3, 1);
+                echo htmlspecialchars(PMA_formatNumber($value, 3, 1));
             } else {
                 echo htmlspecialchars($value);
             }
-- 
2.11.4.GIT