makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fixed a very potential cross-site scripting issue that would have for sure ended up on security sites.

Browse source 
git-svn-id: file:///svn/phpbb/trunk@3573 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Ludovic Arnaud 2003-02-28 01:13:08 +00:00
parent a2889a6c5f
commit 04b00375fe
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/viewforum.php
View file

@ -31,8 +31,8 @@ $start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0;
$mark_read = (!empty($_GET['mark'])) ? $_GET['mark'] : '';
$sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
$sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
$sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'd';
$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'd';
// Start session

4
phpBB/viewtopic.php
View file

@ -37,8 +37,8 @@ $start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0;
// if someone wishes to screw their view up by entering unknown data
// good luck to them :D
$sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
$sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
$sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'a';
$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a';
// Do we have a topic or post id?