$dropdbs = array_keys($i_dropask);
echo '<form method="post" action="', $URI,'">';
foreach($dropdbs as $dbname) {
- $msg1[] = 'Are you sure you want to drop `'.$dbname.'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.$dbname.']" value="Yes">';
+ $msg1[] = 'Are you sure you want to drop `'.htmlentities($dbname).'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.htmlentities($dbname).']" value="Yes">';
}
echo '</form>';
}
<h3>Databases</h3>
<form method="post" action="<?=$URI?>">
+<input type='hidden' name='csrf_token' value='<?php echo $_SESSION['csrf_token']; ?>'>
<?php printErrors($err1); ?>
<?php printMsgs($msg1); ?>
</form>
<table width="100%">
<form method="post" action="<?=$URI?>">
+<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<?php
$bytes = $User->getBytes();
$usage = $bytes['nBytes'];
if ($total>0)
$percentage = $db['nBytes']/$total;
else $percentage = 0;
- echo printBar($percentage, $db['Name'], str_replace(' ', ' ', sprintSize($db['nBytes'])));
+ echo printBar($percentage, htmlentities($db['Name']), str_replace(' ', ' ', sprintSize($db['nBytes'])));
echo '</td><td>';
- echo '<input type="submit" name="dropask[',$db['Name'],']" value="drop">';
+ echo '<input type="submit" name="dropask[',htmlentities($db['Name']),']" value="drop">';
echo '</td></tr>';
}
if ($total>0) {
</table>
<form method="post" action="<?=$URI?>">
-<p align="right"><span style="width: 150px;"><label for="p1">new database:</label></span> <input type="text" name="newdb">
+<p align="right"><span style="width: 150px; font-style: italic;"><label for="p1">new database:</label></span> <?=$Login->getUsername()?>+<input type="text" name="newdb">
+<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type=submit value="add"></p>
</form>
andersk / sql-web.git / blobdiff