
[Fmsystem-commits] [17577] Escape User-Supplied Input


From: sigurdne
Subject: [Fmsystem-commits] [17577] Escape User-Supplied Input
Date: Sun, 14 Jan 2018 06:08:15 -0500 (EST)

Revision: 17577
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=17577
Author:   sigurdne
Date:     2018-01-14 06:08:15 -0500 (Sun, 14 Jan 2018)
Log Message:
-----------
Escape User-Supplied Input

Modified Paths:
--------------
    trunk/booking/inc/class.uiapplication.inc.php

Modified: trunk/booking/inc/class.uiapplication.inc.php
===================================================================
--- trunk/booking/inc/class.uiapplication.inc.php       2018-01-14 10:45:16 UTC 
(rev 17576)
+++ trunk/booking/inc/class.uiapplication.inc.php       2018-01-14 11:08:15 UTC 
(rev 17577)
@@ -618,11 +618,11 @@
                                if ($_POST['contact_email'] != 
$_POST['contact_email2'])
                                {
                                        $errors['email'] = lang('The e-mail 
addresses you entered do not match');
-                                       $application['contact_email2'] = 
$_POST['contact_email2'];
+                                       $application['contact_email2'] = 
phpgw::get_var('contact_email2', 'string', 'POST');
                                }
                                else
                                {
-                                       $application['contact_email2'] = 
$_POST['contact_email2'];
+                                       $application['contact_email2'] = 
phpgw::get_var('contact_email2', 'string', 'POST');
                                }
 
                                foreach ($application['agegroups'] as $ag)
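Review bot: After this change both branches of the `if`/`else` at the top of the hunk assign `$application['contact_email2']` the identical value, so the conditional no longer differentiates anything for that field; hoist `$application['contact_email2'] = phpgw::get_var('contact_email2', 'string', 'POST');` above the `if` and drop the `else` block. The comparison itself still reads raw `$_POST['contact_email']` and `$_POST['contact_email2']` with loose `!=`, and the same raw-`$_POST` reads survive in the guards of the comment and status hunks below (`elseif ($_POST['comment'])`, `elseif ($_POST['status'])`). What the `'string'` filter in `phpgw::get_var` does to the value is not visible here; if it transforms it (for example entity-encodes), the values compared and the value stored can diverge, so the comparison should use the filtered values too. The enclosing method starts and ends outside the hunk.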
@@ -845,7 +845,7 @@
                                array_set_default($_POST, 'accepted_documents', 
array());
 
                                $application = array_merge($application, 
extract_values($_POST, $this->fields));
-                               $application['message'] = $_POST['comment'];
+                               $application['message'] = 
phpgw::get_var('comment', 'string', 'POST');
                                
$this->agegroup_bo->extract_form_data($application);
                                
$this->extract_customer_identifier($application);
 
@@ -1041,8 +1041,8 @@
                                }
                                elseif ($_POST['comment'])
                                {
-                                       $application['comment'] = 
$_POST['comment'];
-                                       $this->add_comment($application, 
$_POST['comment']);
+                                       $application['comment'] = 
phpgw::get_var('comment', 'string', 'POST');
+                                       $this->add_comment($application, 
$application['comment']);
                                        $update = true;
                                        $notify = true;
                                }
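Review bot: The guard `elseif ($_POST['comment'])` on the line before the change still tests the raw value by truthiness, so a comment consisting of `"0"` is silently dropped and an absent key raises a notice, while the body then reads a separately filtered copy. Fetch the value once before the `if`/`elseif` chain (which begins outside this hunk) and test it explicitly: `$comment = phpgw::get_var('comment', 'string', 'POST');` then `elseif ($comment !== '' && $comment !== null)` — the exact check depends on what `get_var` returns for a missing key, which is not visible here. Passing `$application['comment']` to `add_comment` instead of re-reading `$_POST` is the right move and keeps the stored and notified values identical. The enclosing method starts and ends outside the hunk.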
@@ -1049,7 +1049,7 @@
                                elseif ($_POST['status'])
                                {
                                        
$this->check_application_assigned_to_current_user($application);
-                                       $application['status'] = 
$_POST['status'];
+                                       $application['status'] = 
phpgw::get_var('status', 'string', 'POST');
 
                                        if ($application['status'] == 
'REJECTED')
                                        {
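Review bot: `status` is a value the code dispatches on (`== 'REJECTED'` three lines down), so filtering it as a free-form `'string'` only escapes it; it does not restrict it to the statuses the application actually accepts, and any other string the client submits is stored unchanged. Validate against an allow-list before assignment, e.g. `if (!in_array($status, $ALLOWED_STATUSES_PLACEHOLDER, true)) { $errors['status'] = lang('Invalid status'); }` where the placeholder stands for whatever list of statuses the module already defines (not visible in this hunk), and compare with `===` rather than `==`. The guard `elseif ($_POST['status'])` also still reads the raw value by truthiness, as noted on the first hunk. The enclosing method starts and ends outside the hunk.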



