From c55212cd14a0d34c1e3030aa3ffe59d592b77dc2 Mon Sep 17 00:00:00 2001
From: ozh
Date: Wed, 26 Mar 2014 22:53:36 +0100
Subject: [PATCH] Make sprintf'ed strings sprintf-safe. Fixes #1665.
---
 includes/functions-html.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/includes/functions-html.php b/includes/functions-html.php
index e666ea7..0f61265 100644
--- a/includes/functions-html.php
+++ b/includes/functions-html.php
@@ -461,6 +461,7 @@ function yourls_table_edit_row( $keyword ) {
 $return = <<%s:
%s: $www
%s:   RETURN;
+ $return = preg_replace( '/%([^s])/', '%%$1', $return ); // make sprintf() safe: '%' -> '%%'
 $return = sprintf( urldecode( $return ), yourls__( 'Long URL' ), yourls__( 'Short URL' ), yourls__( 'Title' ), yourls__( 'Save' ), yourls__( 'Save new values' ), yourls__( 'Cancel' ), yourls__( 'Cancel editing' ) );
 } else {
 $return = '' . yourls__( 'Error, URL not found' ) . '';
-- 
2.45.0
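Review bot: The escape on the added `preg_replace` line leaves every `%s` alone, so a `%s` that arrives through the values interpolated into the heredoc (only `$www` is visible here) still counts as a placeholder, and `sprintf()` then sees more specifiers than the seven arguments it is given. The ordering is a second gap: `urldecode( $return )` runs after the escape, so percent-encoded bytes in the row data can decode into specifiers the regex never saw; a `%` that is the last character is also missed because the pattern requires a following character. Decoding the whole assembled markup presumably also reverses any attribute escaping applied to those values earlier in `yourls_table_edit_row()`, which starts outside this hunk, so that is worth confirming. A sturdier shape is to escape the data instead of the finished string, for example `$value = str_replace( '%', '%%', $value );` on each interpolated value (with `$value` standing for each one) before the heredoc is built, and to decode only the single field that needs it rather than the full row.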