bug 1124: Sanatize properly and make code look better
authorBenny Baumann <BenBE@geshi.org>
Wed, 13 Mar 2013 08:08:42 +0000 (09:08 +0100)
committerBenny Baumann <BenBE@geshi.org>
Wed, 13 Mar 2013 08:08:42 +0000 (09:08 +0100)
pages/account/41.php

index aac45dd..148944a 100644 (file)
@@ -73,8 +73,12 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
        $res = mysql_query($query);
        while($row = mysql_fetch_assoc($res))
        {
-               echo "<option value='".sanitizeHTML($row['locale'])."'";
-               echo ">[".$row['locale']."] ".$row['lang']." - (".$row['country'].")</option>\n";
+               printf("<option value=\"%s\">[%s] %s (%s)</option>\n",
+                       sanitizeHTML($row['locale']),
+                       sanitizeHTML($row['locale']),
+                       sanitizeHTML($row['lang']),
+                       sanitizeHTML($row['country'])
+                       );
        }
 ?>
        </select>
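Review bot: The `value=\"%s\"` attribute in the added `printf` is only safe if `sanitizeHTML()` encodes the double quote, because this commit switches the delimiter from `'` to `"`, and the helper's definition is not visible in this hunk. If it wraps `htmlspecialchars()`, it should pass `ENT_QUOTES` and an explicit charset so that both quote styles are covered; a comment above the call such as `// sanitizeHTML() must encode & < > " ' — values land in attribute and text context` would record that requirement. The new format string also drops the ` - ` separator that the removed `echo` printed between language and country; if that change is not intended, keep the label as `[%s] %s - (%s)`. The surrounding PHP block, including the query that fills `$res`, starts outside the hunk, so whether `$res` is checked for `false` before the loop cannot be judged from here.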