Fix XSS in the database bars

git-svn-id: svn://sql.mit.edu/sql@192 a142d4bd-2cfb-0310-9673-cb33a7e74f58

diff --git a/tpl/main.php b/tpl/main.php
index 89b0432de92fe5ce0030d1d053130558d8e0ac60..2a605ddfd86efdee16255e9f0ac7b4a11d635549 100644 (file)
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -33,7 +33,7 @@ if (isset($i_dropask)) {
                if ($total>0)
                        $percentage = $db['nBytes']/$total;
                else $percentage = 0;
-               echo printBar($percentage, $db['Name'], str_replace(' ', ' ', sprintSize($db['nBytes'])));
+               echo printBar($percentage, htmlentities($db['Name']), str_replace(' ', ' ', sprintSize($db['nBytes'])));
                echo '</td><td>';
                echo '<input type="submit" name="dropask[',htmlentities($db['Name']),']" value="drop">';
                echo '</td></tr>';