author | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-02-28 01:13:08 +0000 |
committer | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-02-28 01:13:08 +0000 |
commit | 04b00375fef3d6184243c71b2ca7dc7ff5ca4022 (patch) | |
tree | 45f5fe98f90e96522f8d00b65fb728ab5c0506e7 | |
parent | a2889a6c5fe54f2e19cafe02357d822a2e2e3095 (diff) | |
Fixed a potential cross-site scripting issue that would certainly have ended up on security sites.
git-svn-id: file:///svn/phpbb/trunk@3573 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/viewforum.php | 4 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 8634a4a7a3..6361e86c9b 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -31,8 +31,8 @@ $start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0;
 $mark_read = (!empty($_GET['mark'])) ? $_GET['mark'] : '';
 $sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
-$sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
-$sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'd';
+$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
+$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'd';
 // Start session
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index f1b13702ed..7e3539d469 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -37,8 +37,8 @@ $start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0;
 // if someone wishes to screw their view up by entering unknown data
 // good luck to them :D
 $sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
-$sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
-$sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'a';
+$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
+$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a';
 // Do we have a topic or post id?
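Review bot: The new `$sort_key`/`$sort_dir` lines in viewforum.php escape for HTML output but still accept any string, so the fix only holds where the values are printed into an HTML body or a double-quoted attribute: `htmlspecialchars()` with its default flags leaves single quotes alone, does nothing for a value that reaches an ORDER BY clause, a redirect URL or a JavaScript context, and a `sk[]=` request would hand it an array instead of a string. The defaults `'t'` and `'d'` suggest both values pick from a fixed set of sort options, in which case an allow-list is the robust fix and makes escaping at this point unnecessary: `$sort_dir = (!empty($_REQUEST['sd']) && $_REQUEST['sd'] == 'a') ? 'a' : 'd';` and `$sort_key = (!empty($_REQUEST['sk']) && in_array($_REQUEST['sk'], array(/* keys the sort code accepts */))) ? $_REQUEST['sk'] : 't';`. Which output contexts the values actually reach is inferred, not visible here, since the consuming code lies outside the hunk and the top-level script continues on both sides of it.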
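Review bot: The comment kept directly above the changed lines in viewtopic.php, `// if someone wishes to screw their view up by entering unknown data // good luck to them :D`, now contradicts the fix beneath it, because unknown data in `sk`/`sd` is exactly what this commit treats as a security problem; I would replace it with `// sk/sd are user-controlled: validate (allow-list) before they reach any output or query`. Escaping is also the weaker option here, since `htmlspecialchars()` with default flags does not touch single quotes and is the wrong tool if `$sort_dir` ever lands in SQL or a URL, whereas `$sort_dir = (!empty($_REQUEST['sd']) && $_REQUEST['sd'] == 'd') ? 'd' : 'a';` rejects everything except the two directions outright. The default direction here is `'a'` while the viewforum.php hunk uses `'d'`; that may well be intentional per page, but it is worth confirming. The script continues outside the hunk, so where these values are consumed is not visible from here.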