Merge pull request #6385 from battye/ticket/16871

[ticket/16871] Do not allow negative forum and topic IDs in page_header
2025-06-08 04:18:52 +00:00 · 2022-04-15 23:48:28 +02:00 · 2022-04-15 23:48:28 +02:00 · 9739fabd68
commit 9739fabd68
parent 32ce101541 691a891634
2 changed files with 5 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -35,9 +35,9 @@ phpBB's [Development Documentation](https://area51.phpbb.com/docs/dev/index.html
 ## 🔬 Automated Testing
-We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:
+We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our GitHub Actions below:
-Branch  | Description | Github Actions |
+Branch  | Description | GitHub Actions |
 ------- | ----------- | -------------- |
 **master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=master) |
 **3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=3.3.x) |
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -3874,8 +3874,9 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		}
 	}
-	$forum_id = $request->variable('f', 0);
+	// Negative forum and topic IDs are not allowed
-	$topic_id = $request->variable('t', 0);
+	$forum_id = max(0, $request->variable('f', 0));
 	$topic_id = max(0, $request->variable('t', 0));
 	$s_feed_news = false;