[Fmsystem-commits] [17577] Escape User-Supplied Input
From: |
sigurdne |
Subject: |
[Fmsystem-commits] [17577] Escape User-Supplied Input |
Date: |
Sun, 14 Jan 2018 06:08:15 -0500 (EST) |
Revision: 17577
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=17577
Author: sigurdne
Date: 2018-01-14 06:08:15 -0500 (Sun, 14 Jan 2018)
Log Message:
-----------
Escape User-Supplied Input
Modified Paths:
--------------
trunk/booking/inc/class.uiapplication.inc.php
Modified: trunk/booking/inc/class.uiapplication.inc.php
===================================================================
--- trunk/booking/inc/class.uiapplication.inc.php 2018-01-14 10:45:16 UTC
(rev 17576)
+++ trunk/booking/inc/class.uiapplication.inc.php 2018-01-14 11:08:15 UTC
(rev 17577)
@@ -618,11 +618,11 @@
if ($_POST['contact_email'] !=
$_POST['contact_email2'])
{
$errors['email'] = lang('The e-mail
addresses you entered do not match');
- $application['contact_email2'] =
$_POST['contact_email2'];
+ $application['contact_email2'] =
phpgw::get_var('contact_email2', 'string', 'POST');
}
else
{
- $application['contact_email2'] =
$_POST['contact_email2'];
+ $application['contact_email2'] =
phpgw::get_var('contact_email2', 'string', 'POST');
}
foreach ($application['agegroups'] as $ag)
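Review bot: The mismatch test at the top of this hunk still compares raw `$_POST['contact_email']` with raw `$_POST['contact_email2']` using loose `!=`, while the value stored in `$application['contact_email2']` now passes through `phpgw::get_var()`, so the check and the stored data can disagree. Both branches of the `if`/`else` also make the identical assignment, so it can be hoisted above the `if` as a single `$application['contact_email2'] = phpgw::get_var('contact_email2', 'string', 'POST');` and the comparison written with `!==` against the filtered values. How `contact_email` itself is read is not visible in this hunk, so confirm it goes through the same filter before the two are compared.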
@@ -845,7 +845,7 @@
array_set_default($_POST, 'accepted_documents',
array());
$application = array_merge($application,
extract_values($_POST, $this->fields));
- $application['message'] = $_POST['comment'];
+ $application['message'] =
phpgw::get_var('comment', 'string', 'POST');
$this->agegroup_bo->extract_form_data($application);
$this->extract_customer_identifier($application);
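Review bot: Only `message` is filtered in this hunk; the context line just above still merges `extract_values($_POST, $this->fields)` into `$application`, so every other submitted field carries whatever that helper returns. `extract_values()` is not shown in the diff, so if it does not clean values itself, the remaining fields are still raw request data and need the same treatment. Input-side filtering also does not replace context-specific encoding where `message` is later rendered or mailed. A short comment stating where the other fields are filtered, for example `// remaining fields are cleaned in extract_values()` if that is true, would make the trust boundary explicit.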
@@ -1041,8 +1041,8 @@
}
elseif ($_POST['comment'])
{
- $application['comment'] =
$_POST['comment'];
- $this->add_comment($application,
$_POST['comment']);
+ $application['comment'] =
phpgw::get_var('comment', 'string', 'POST');
+ $this->add_comment($application,
$application['comment']);
$update = true;
$notify = true;
}
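Review bot: The branch condition `elseif ($_POST['comment'])` still tests the raw request value, so if filtering can reduce a non-empty comment to an empty string, the code would still call `add_comment()` with it and set `$update` and `$notify`. Reading the value once and testing the filtered result avoids that, e.g. `elseif ($comment = phpgw::get_var('comment', 'string', 'POST'))` followed by `$application['comment'] = $comment;`. The same raw-value test remains on `elseif ($_POST['status'])` in the next hunk. The `if`/`elseif` chain starts before this hunk, so the filtered variables may be better assigned above it.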
@@ -1049,7 +1049,7 @@
elseif ($_POST['status'])
{
$this->check_application_assigned_to_current_user($application);
- $application['status'] =
$_POST['status'];
+ $application['status'] =
phpgw::get_var('status', 'string', 'POST');
if ($application['status'] ==
'REJECTED')
{
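Review bot: `status` is read as a free-form `'string'` and written to `$application['status']` without being checked against the set of valid states; only `'REJECTED'` is visible here, and it is compared with loose `==`. Because this value drives the application workflow, it should be validated against an allow-list before assignment, e.g. `if (!in_array($status, $valid_statuses, true)) { /* reject the request */ }`, where `$valid_statuses` is a placeholder for wherever the project defines its states. The `'REJECTED'` comparison should use `===`. The block continues past the end of the hunk, so later validation may exist outside the visible lines.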