escape more

include/admin/importers/b2evolution.inc.php

@@ -81,7 +81,7 @@ class Serendipity_Import_b2evolution extends Serendipity_Import {
 
         $b2db = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$b2db) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/bblog.inc.php

@@ -83,7 +83,7 @@ class Serendipity_Import_bblog extends Serendipity_Import {
 
         $bblogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$bblogdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/bmachine.inc.php

@@ -81,7 +81,7 @@ class Serendipity_Import_bmachine extends Serendipity_Import {
 
         $txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$txpdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/geeklog.inc.php

@@ -87,7 +87,7 @@ class Serendipity_Import_geeklog extends Serendipity_Import {
 
         $gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$gdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/lifetype.inc.php

@@ -81,7 +81,7 @@ class Serendipity_Import_lifetype extends Serendipity_Import {
 
         $ltdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$ltdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/nucleus.inc.php

@@ -84,7 +84,7 @@ class Serendipity_Import_Nucleus extends Serendipity_Import {
 
         $nucdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$nucdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/nuke.inc.php

@@ -81,7 +81,7 @@ class Serendipity_Import_nuke extends Serendipity_Import {
 
         $nukedb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$nukedb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/phpbb.inc.php

@@ -83,7 +83,7 @@ class Serendipity_Import_phpbb extends Serendipity_Import {
 
         $gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$gdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/pivot.inc.php

@@ -69,7 +69,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
         if (!is_dir($this->data['pivot_path']) || !is_readable($this->data['pivot_path'])) {
             $check_dir = $serendipity['serendipityPath'] . $this->data['pivot_path'];
             if (!is_dir($check_dir) || !is_readable($check_dir)) {
-                return sprintf(ERROR_NO_DIRECTORY, $this->data['pivot_path']);
+                return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path']));
             }
             $this->data['pivot_path'] = $check_dir;
         }
@@ -191,7 +191,7 @@ class Serendipity_Import_Pivot extends Serendipity_Import {
             }
             echo '</ul>';
         } else {
-            return sprintf(ERROR_NO_DIRECTORY, $this->data['pivot_path']);
+            return sprintf(ERROR_NO_DIRECTORY, htmlspecialchars($this->data['pivot_path']));
         }
 
         return true;

include/admin/importers/pmachine.inc.php

@@ -84,7 +84,7 @@ class Serendipity_Import_pMachine extends Serendipity_Import {
 
         $pmdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$pmdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/serendipity.inc.php

@@ -448,7 +448,7 @@ class Serendipity_Import_Serendipity extends Serendipity_Import {
 
         $s9ydb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$s9ydb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/smf.inc.php

@@ -87,7 +87,7 @@ class Serendipity_Import_smf extends Serendipity_Import {
 
         $gdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$gdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/sunlog.inc.php

@@ -88,7 +88,7 @@ class Serendipity_Import_sunlog extends Serendipity_Import {
 
         $sunlogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$sunlogdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/textpattern.inc.php

@@ -87,7 +87,7 @@ class Serendipity_Import_textpattern extends Serendipity_Import {
 
         $txpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$txpdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {

include/admin/importers/wordpress-pg.inc.php

@@ -87,7 +87,7 @@ class Serendipity_Import_WordPress_PG extends Serendipity_Import {
 
         $wpdb = pg_connect("$this->data['host'], $this->data['port'], $this->data['user'], $this->data['pass'], $this->data['name']");
         if ( !$wpdb ) {
-            return sprintf(PGSQL_COULDNT_CONNECT, $this->data['pass']);
+            return sprintf(PGSQL_COULDNT_CONNECT, htmlspecialchars($this->data['pass']));
         }
 
         /* Users */

include/admin/importers/wordpress.inc.php

@@ -94,7 +94,7 @@ class Serendipity_Import_WordPress extends Serendipity_Import {
 
         $wpdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
         if (!$wpdb) {
-            return sprintf(COULDNT_CONNECT, $this->data['host']);
+            return sprintf(COULDNT_CONNECT, htmlspecialchars($this->data['host']));
         }
 
         if (!@mysql_select_db($this->data['name'])) {