From 7210b38439b4ffef6bc6f3e8a2691e2afcc0421e Mon Sep 17 00:00:00 2001
From: Alex Dehnert
Date: Thu, 7 Apr 2011 00:46:05 +0000
Subject: [PATCH] Fix XSS in the database bars

git-svn-id: svn://sql.mit.edu/sql@192 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
 tpl/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tpl/main.php b/tpl/main.php
index 89b0432..2a605dd 100644
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -33,7 +33,7 @@ if (isset($i_dropask)) { if ($total>0) $percentage = $db['nBytes']/$total; else $percentage = 0;
- echo printBar($percentage, $db['Name'], str_replace(' ', ' ', sprintSize($db['nBytes'])));
+ echo printBar($percentage, htmlentities($db['Name']), str_replace(' ', ' ', sprintSize($db['nBytes'])));
 echo '';
 echo '';
 echo '';
--
2.45.0
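Review bot: The added `htmlentities($db['Name'])` in the `printBar(...)` call relies on the function's default flags and charset, which on PHP releases before 5.4 means ENT_COMPAT (single quotes are left unescaped) and ISO-8859-1. If printBar places the name inside a single-quoted attribute, which cannot be told from this hunk, the escaping would be incomplete there, and multi-byte database names may be garbled. Passing the flags explicitly avoids both, assuming the page is served as UTF-8: `htmlspecialchars($db['Name'], ENT_QUOTES, 'UTF-8')`. Escaping inside printBar itself rather than at this call site would also cover any other caller that passes database-derived text. The enclosing loop and printBar's body are outside the hunk, so both points should be confirmed against the full file.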