Changeset:
deef880268e7
https://sourceforge.net/p/mrbs/hg-code/ci/deef880268e72570817b86fc07ab167082098e24
Author:
Campbell Morrison <[email protected]>
Date:
Sun Mar 19 22:07:25 2017 +0000
Log message:
Restricted passing of ids parameter to del_entry_ajax to POST.
diffstat:
web/del_entry_ajax.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diffs (12 lines):
diff -r c4d8a3903f61 -r deef880268e7 web/del_entry_ajax.php
--- a/web/del_entry_ajax.php Sun Mar 19 20:57:04 2017 +0000
+++ b/web/del_entry_ajax.php Sun Mar 19 22:07:25 2017 +0000
@@ -36,7 +36,7 @@
}
// Get non-standard form variables
-$ids = get_form_var('ids', 'array');
+$ids = get_form_var('ids', 'array', null, INPUT_POST);
// Check that $ids consists of an array of integers, to guard against SQL
injection
foreach ($ids as $id)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
