author | Marc Alexander <admin@m-a-styles.de> | 2014-09-07 11:41:44 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2014-09-07 11:41:44 +0200 |
commit | a0ee6ccdf3e8c6fc136687b672b98f8275008b9c (patch) | |
tree | 26213a4a8886ac053f28638e0472e10891bd77ad /phpBB/includes | |
parent | 297ab5c5260c37bf4db4f220911b4dc8f4ca2674 (diff) | |
parent | d5801333f7c3724c82057eeccf522cf32c6a253b (diff) | |
Merge pull request #2925 from nickvergessen/ticket/12983
Ticket/12983 UCP preferences, Display posts ordering by: input is not properly validated
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/ucp/ucp_prefs.php | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index b0a8e8d374..3ff8fe9ada 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -223,11 +223,11 @@ class ucp_prefs
 $data = array(
 'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
 'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
- 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0),
+ 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0),
 'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'),
 'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'),
- 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0),
+ 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0),
 'images' => request_var('images', (bool) $user->optionget('viewimg')),
 'flash' => request_var('flash', (bool) $user->optionget('viewflash')),
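Review bot: The `(int)` casts on the `topic_st` and `post_st` defaults fix the type of the value but not its range. Assuming `request_var()` casts the submitted value to the type of its default, any integer, including a negative one, is still accepted, and the `validate_data()` call in the second hunk has no rule for either key. If `validate_data()` offers a numeric range rule, add one per key, for example `'topic_st' => array('num', false, 0, MAX_DAYS),` where `MAX_DAYS` is a placeholder for the largest day limit the form offers. A short comment above the first cast, such as `// int default so request_var() returns an int`, would record why the cast is there. The `$data` array continues past the end of the hunk.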
@@ -254,10 +254,22 @@ class ucp_prefs
 if ($submit)
 {
 $error = validate_data($data, array(
- 'topic_sk' => array('string', false, 1, 1),
- 'topic_sd' => array('string', false, 1, 1),
- 'post_sk' => array('string', false, 1, 1),
- 'post_sd' => array('string', false, 1, 1),
+ 'topic_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|r|s|t|v)#'),
+ ),
+ 'topic_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
+ 'post_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|s|t)#'),
+ ),
+ 'post_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
 ));
 if (!check_form_key('ucp_prefs_view')) |
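Review bot: The new `match` patterns are unanchored, so `'#(a|r|s|t|v)#'` on its own accepts any string that merely contains one of those letters. The whitelist is exact only because the `string` rule beside it limits the length to one character, and that relies on `validate_data()` applying both rules, which is not visible in this hunk. Anchoring makes each rule correct independently of its sibling: `array('match', false, '#^[arstv]$#D'),` for `topic_sk`, `'#^[ast]$#D'` for `post_sk` and `'#^[ad]$#D'` for the two direction keys. The letters also look like a second copy of the sort options, which are presumably defined elsewhere in this file, so a comment naming that source would help keep the two in sync. The `if ($submit)` block continues outside the hunk.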