[geeklog-hg] geeklog: check for proper calendar_type (HTB23143, CWE-79)

geeklog-cvs at lists.geeklog.net
Sun Feb 17 07:58:38 EST 2013


changeset 8941:3c6fd874b6c9
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/3c6fd874b6c9
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 17 10:56:56 2013 +0100
description:
check for proper calendar_type (HTB23143, CWE-79)

diffstat:

 plugins/calendar/functions.inc |  3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diffs (13 lines):

diff -r b4be962dc853 -r 3c6fd874b6c9 plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc	Tue Feb 12 17:14:10 2013 -0500
+++ b/plugins/calendar/functions.inc	Sun Feb 17 10:56:56 2013 +0100
@@ -688,6 +688,9 @@
 
     if (isset($_POST['calendar_type'])) {
         $mode = $_POST['calendar_type'];
+        if (!in_array($mode, array('master', 'personal', 'quickadd'))) {
+            $mode = 'master';
+        }
     } else if (isset($_REQUEST['mode']) && ($_REQUEST['mode'] == 'personal')) {
         $mode = 'personal';
     }
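
Review bot: The in_array() call on the first added line uses PHP's default loose comparison; pass true as the third argument, i.e. `in_array($mode, array('master', 'personal', 'quickadd'), true)`, so that only those exact strings pass and the check does not depend on type-juggling rules for whatever type the POST value arrives as (string or array). The allowlist with a fallback to 'master' is a sound shape for the CWE-79 fix named in the commit message. These lines do not show where $mode is later written to the page, so it is worth confirming that the output site escapes it as well, rather than relying on this one check. The unchanged else-if branch already restricts $_REQUEST['mode'] to 'personal', so it needs no equivalent change.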


