Commit fce5e1de authored by Chenu Denis's avatar Chenu Denis

Fixed issue #07918: Potential SQL injection with array params

Dev: filter is_string in returnGlobal
parent cd88e576
...@@ -1601,17 +1601,16 @@ function fixMovedQuestionConditions($qid,$oldgid,$newgid) //Function rewrites th ...@@ -1601,17 +1601,16 @@ function fixMovedQuestionConditions($qid,$oldgid,$newgid) //Function rewrites th
*/ */
function returnGlobal($stringname) function returnGlobal($stringname)
{ {
if ($stringname=='sid') // don't read SID from a Cookie $urlParam=Yii::app()->request->getParam($stringname);
if(!$urlParam && $aCookies=Yii::app()->request->getCookies() && $stringname!='sid')
{ {
if (isset($_GET[$stringname])) $urlParam = $_GET[$stringname]; if(isset($aCookies[$stringname]))
if (isset($_POST[$stringname])) $urlParam = $_POST[$stringname]; {
} $urlParam = $aCookies[$stringname];
elseif (isset($_REQUEST[$stringname])) }
{
$urlParam = $_REQUEST[$stringname];
} }
if (isset($urlParam)) if ($urlParam && is_string($urlParam))
{ {
if ($stringname == 'sid' || $stringname == "gid" || $stringname == "oldqid" || if ($stringname == 'sid' || $stringname == "gid" || $stringname == "oldqid" ||
$stringname == "qid" || $stringname == "tid" || $stringname == "qid" || $stringname == "tid" ||
......