Commit: 904b512d0682bd5edd24cba0c8e1346e92575424 Author: zrhoffman <[email protected]> Sun, 16 Sep 2018 22:16:21 -0500 Committer: Christoph M. Becker <[email protected]> Mon, 17 Sep 2018 13:24:37 +0200 Parents: 039c829b6aa508be418b43b8d618fabecef226f6 Branches: master
Link: http://git.php.net/?p=web/bugs.git;a=commitdiff;h=904b512d0682bd5edd24cba0c8e1346e92575424 Log: search_for: We need to validate string ints with a regex, not a typecast Changed paths: M www/search.php Diff:
diff --git a/www/search.php b/www/search.php
index 40395f0..2ae7571 100644
--- a/www/search.php
+++ b/www/search.php
@@ -7,9 +7,8 @@ session_start();
 require_once '../include/prepend.php';
 // Redirect early if a bug id is passed as search string
-$search_for_id = (isset($_GET['search_for'])) ? (int) $_GET['search_for'] : 0;
-if ($search_for_id) {
- redirect("bug.php?id={$search_for_id}");
+if (isset($_GET['search_for']) && preg_match('/^\d+$/', trim($_GET['search_for']), $search_for_id_array)) {
+ redirect("bug.php?id=${search_for_id_array[0]}");
 }
 // For bug count only, used in places like doc.php.net
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
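Review bot: The new guard passes `$_GET['search_for']` to `trim()` without checking that it is a string, and PHP delivers a bracketed query parameter as an array, so `trim()` raises a warning on PHP 7 and a TypeError on PHP 8 before the regex ever runs. Adding `is_string($_GET['search_for']) &&` between the `isset()` and the `preg_match()` call keeps the early redirect limited to scalar input. The pattern `/^\d+$/` also places no upper bound on the number of digits, whereas the removed `(int)` cast did; a bounded quantifier such as `\d{1,10}` (the width is a constructed example) would avoid relying on bug.php, which is not visible here, to reject oversized ids. Finally, `"bug.php?id=${search_for_id_array[0]}"` uses the `${...}` interpolation form that PHP 8.2 deprecates; the `{$search_for_id_array[0]}` form the removed line used is the safer spelling.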
