https://www.mediawiki.org/wiki/Special:Code/MediaWiki/102133
Revision: 102133
Author: ashley
Date: 2011-11-06 00:29:54 +0000 (Sun, 06 Nov 2011)
Log Message:
-----------
SocialProfile: as per Markus' in-depth review: wrap $response in an intval()
call to make the code demonstrably secure
Modified Paths:
--------------
trunk/extensions/SocialProfile/UserRelationship/Relationship_AjaxFunctions.php
Modified:
trunk/extensions/SocialProfile/UserRelationship/Relationship_AjaxFunctions.php
===================================================================
---
trunk/extensions/SocialProfile/UserRelationship/Relationship_AjaxFunctions.php
2011-11-06 00:17:46 UTC (rev 102132)
+++
trunk/extensions/SocialProfile/UserRelationship/Relationship_AjaxFunctions.php
2011-11-06 00:29:54 UTC (rev 102133)
@@ -16,7 +16,7 @@
$rel_type = strtolower( $request[0]['type'] );
$response = ( isset( $_POST['response' ] ) ) ?
$_POST['response'] : $response;
- $rel->updateRelationshipRequestStatus( $requestId, $response );
+ $rel->updateRelationshipRequestStatus( $requestId, intval(
$response ) );
$avatar = new wAvatar( $user_id_from, 'l' );
$avatar_img = $avatar->getAvatarURL();
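Review bot: The intval() cast is applied only at the call to updateRelationshipRequestStatus(), so $response itself still holds the raw $_POST value for any later use in this function, whose body continues outside the hunk. Casting at the assignment instead, `$response = intval( isset( $_POST['response'] ) ? $_POST['response'] : $response );`, keeps every later use of the variable an integer. intval() also maps non-numeric input to 0 and lets any integer through, so checking the result against the status values the method actually supports before the call would make the input handling explicit; those accepted values are not visible in this hunk.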
@@ -37,5 +37,6 @@
}
$rel->deleteRequest( $requestId );
}
+
return $out;
}