Commit fce5e1de authored by Chenu Denis's avatar Chenu Denis

Fixed issue #07918: Potential SQL injection with array params

Dev: filter is_string in returnGlobal
parent cd88e576
......@@ -1601,17 +1601,16 @@ function fixMovedQuestionConditions($qid,$oldgid,$newgid) //Function rewrites th
*/
function returnGlobal($stringname)
{
if ($stringname=='sid') // don't read SID from a Cookie
$urlParam=Yii::app()->request->getParam($stringname);
if(!$urlParam && $aCookies=Yii::app()->request->getCookies() && $stringname!='sid')
{
if (isset($_GET[$stringname])) $urlParam = $_GET[$stringname];
if (isset($_POST[$stringname])) $urlParam = $_POST[$stringname];
}
elseif (isset($_REQUEST[$stringname]))
{
$urlParam = $_REQUEST[$stringname];
if(isset($aCookies[$stringname]))
{
$urlParam = $aCookies[$stringname];
}
}
if (isset($urlParam))
if ($urlParam && is_string($urlParam))
{
if ($stringname == 'sid' || $stringname == "gid" || $stringname == "oldqid" ||
$stringname == "qid" || $stringname == "tid" ||
......