#
# Security fix for XSS in Web Admin's printer.php (#1362)
# Licensed under the GPLv2
# Olivier Bilodeau <obilodeau@inverse.ca>

# old_revision [4e7b8374a86e26fccebb4adc9385047431f3e1ea]
#
# patch "pf/html/admin/footer.php"
#  from [67a9b2cb5bb74696d168be4ef367111dc975fd77]
#    to [93a8a69e2a07df95ba5cff677273bfd55290b839]
# 
# patch "pf/html/admin/printer.php"
#  from [c1b9ca5e1b9bcbd80a85a025d6960cad9e012765]
#    to [fe3722f9320d6bf1327b5a8b343e0966384a4a8b]
#
============================================================
--- pf/html/admin/footer.php	67a9b2cb5bb74696d168be4ef367111dc975fd77
+++ pf/html/admin/footer.php	93a8a69e2a07df95ba5cff677273bfd55290b839
@@ -21,7 +21,7 @@
  * 
  * @author      Olivier Bilodeau <obilodeau@inverse.ca>
  * @author      Dominik Gehl <dgehl@inverse.ca>
- * @copyright   2008-2011 Inverse inc.
+ * @copyright   2008-2012 Inverse inc.
  * @license     http://opensource.org/licenses/gpl-2.0.php      GPL
  */
 ?>
@@ -53,7 +53,7 @@
                print "<a href=\"javascript:popUp('/exporter.php?current_top=$current_top&amp;current_sub=$current_sub','175','1200')\"><img border=0 src='images/csv.png' alt='Download CSV of this data' title='Download CSV of this data'></a>";
             }
             if(isset($is_printable) && $is_printable){
-               print "<a href='/printer.php?current_top=$current_top&amp;current_sub=$current_sub&amp;img_src=".urlencode($img_src)."' target=_NEW><img border=0 src='images/printer.png' alt='View a Printer Friendly Version' title='View a Printer Friendly Version'></a>";
+               print "<a href='/printer.php?current_top=$current_top&amp;current_sub=$current_sub' target='_blank'><img border=0 src='images/printer.png' alt='View a Printer Friendly Version' title='View a Printer Friendly Version'></a>";
             }
           ?>      
           </td>
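Review bot: The rewritten printer link on the added line still interpolates `$current_top` and `$current_sub` straight into the `href` attribute with no encoding, so the attribute-injection class this commit removes for `img_src` remains for those two values if either can be influenced by the request; where they are set is not visible from this hunk, so this is inferred rather than confirmed. If they are request-derived, build the query with encoding and escape the attribute once: `$link = '/printer.php?current_top=' . urlencode($current_top) . '&current_sub=' . urlencode($current_sub);` then `print "<a href='" . htmlspecialchars($link, ENT_QUOTES) . "' target='_blank'><img ...></a>";`. Dropping `img_src` from the URL and quoting `target='_blank'` are both correct. The enclosing PHP block starts and ends outside the hunk.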
============================================================
--- pf/html/admin/printer.php	c1b9ca5e1b9bcbd80a85a025d6960cad9e012765
+++ pf/html/admin/printer.php	fe3722f9320d6bf1327b5a8b343e0966384a4a8b
@@ -1,8 +1,8 @@
 <?php
 /**
- * TODO short desc
+ * printer.php
  *
- * TODO long desc
+ * Outputs table stored in session in a printer friendly format.
  * 
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -19,8 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  * USA.
  * 
+ * @author      Olivier Bilodeau <obilodeau@inverse.ca>
  * @author      Dominik Gehl <dgehl@inverse.ca>
- * @copyright   2008-2010 Inverse inc.
+ * @copyright   2008-2010, 2012 Inverse inc.
  * @license     http://opensource.org/licenses/gpl-2.0.php      GPL
  */
 
@@ -37,12 +38,8 @@
 <body>
 
 <?
-  if($_GET['img_src']){
-    print "<img src='$_GET[img_src]'>";
-  }
 
-
-  else if($_SESSION['table']){
+  if($_SESSION['table']){
     $table = unserialize($_SESSION['table']);
     #if($table->editable){
     #  array_pop($table->headers);
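Review bot: The retained `unserialize($_SESSION['table'])` on the context line just below the change deserialises whatever is stored under that session key, which is only acceptable while every writer of `$_SESSION['table']` stores a server-built value and the session store itself is trusted; the hunk cannot show either, so this is a point to confirm rather than a defect found. A comment at that line would make the contract explicit: `# $_SESSION['table'] must only ever hold a value serialized server-side; never put request-supplied data under this key, since unserialize() on attacker-controlled input is an object-injection vector`. Separately, `if($_SESSION['table'])` raises a notice when the key is absent; `if(!empty($_SESSION['table']))` has the same truthiness and is quiet. The `if` block continues past the end of the hunk.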
@@ -51,12 +48,16 @@
     print "<div id='printer'>";
     $font_size = set_default($_GET['font_size'], 3);
 
+    # Anti-XSS
+    $font_size = htmlspecialchars($font_size, ENT_QUOTES | ENT_HTML401);
+    $uri = htmlspecialchars($_SERVER[REQUEST_URI], ENT_QUOTES | ENT_HTML401);
+
     if($font_size < 5){
-      print "<a href='".$_SERVER[REQUEST_URI]."&font_size=".($font_size+1)."'><img width='30px' border='0' src='images/big_font.gif' alt='Inbiggin Font'></a>";
+      print "<a href='$uri&font_size=".($font_size+1)."'><img width='30px' border='0' src='images/big_font.gif' alt='Inbiggin Font'></a>";
     }    
     if($font_size > 1){
-      print "<a href='".$_SERVER[REQUEST_URI]."&font_size=".($font_size-1)."'><img width='22px' border='0' src='images/small_font.gif' alt='Smallify Font'></a>";
-    }    
+      print "<a href='$uri&font_size=".($font_size-1)."'><img width='22px' border='0' src='images/small_font.gif' alt='Smallify Font'></a>";
+    }
 
     print "<table border=1 style='border-collapse:collapse;'>";
     print "<tr>";
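Review bot: `htmlspecialchars()` on `$font_size` (the new `# Anti-XSS` line) escapes but does not validate it, and the value is then used as a number in `$font_size < 5` and `$font_size+1`; a non-numeric value passes the escaping unchanged and, depending on the PHP version, produces a notice or a TypeError in the arithmetic. Coercing to an integer is both the validation and the anti-XSS measure here: `$font_size = (int) set_default($_GET['font_size'], 3);` with the `htmlspecialchars` line on `$font_size` dropped. On the following new line `$_SERVER[REQUEST_URI]` is an unquoted constant name that only resolves through the bareword-to-string fallback (a warning in PHP 7.2+, an Error in PHP 8); write `$_SERVER['REQUEST_URI']`. Escaping `$uri` with `ENT_QUOTES` is the right fix for the single-quoted `href` context; the enclosing `if($_SESSION['table'])` block starts outside this hunk.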
@@ -72,11 +73,12 @@
       }
       print "</tr>";
     }
-  print "</table>";
-  }
+    print "</table>";
 
+  } else {
+    print "No data";
+  }
 
-
 ?>
 
 <!--<script type="text/javascript">window.print();</script>-->
