Author: sy-records (sy-records) Committer: Nikita Popov (nikic) Date: 2021-10-21T12:36:12+02:00
Commit: https://github.com/php/web-bugs/commit/29b70e2986df56781b902dc51c71c2d6f85dda23 Raw diff: https://github.com/php/web-bugs/commit/29b70e2986df56781b902dc51c71c2d6f85dda23.diff Fix the problem that undefined state status can be used Changed paths: M www/bug.php Diff: diff --git a/www/bug.php b/www/bug.php index c49f69fc..66405fe9 100644 --- a/www/bug.php +++ b/www/bug.php @@ -436,8 +436,12 @@ } } + global $state_types; + $allowed_state_types = array_filter($state_types, function ($var) { + return $var !== 0; + }); // Require comment for open bugs only - if (empty($_POST['in']['status'])) { + if (empty($_POST['in']['status']) || !isset($allowed_state_types[$_POST['in']['status']])) { $errors[] = "You must provide a status"; } else { if ($_POST['in']['status'] == 'Not a bug' && -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
