[geeklog-hg] geeklog: check for proper calendar_type (HTB23143, CWE-79)
geeklog-cvs at lists.geeklog.net
Tue Feb 19 12:47:06 EST 2013
changeset 8949:c787e36670d8
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/c787e36670d8
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 17 10:56:56 2013 +0100
description:
check for proper calendar_type (HTB23143, CWE-79)
diffstat:
plugins/calendar/functions.inc | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diffs (13 lines):
diff -r 69566ecb0030 -r c787e36670d8 plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc Tue Feb 12 11:28:16 2013 -0500
+++ b/plugins/calendar/functions.inc Sun Feb 17 10:56:56 2013 +0100
@@ -690,6 +690,9 @@
if (isset($_POST['calendar_type'])) {
$mode = $_POST['calendar_type'];
+ if (!in_array($mode, array('master', 'personal', 'quickadd'))) {
+ $mode = 'master';
+ }
} else if (isset($_REQUEST['mode']) && ($_REQUEST['mode'] == 'personal')) {
$mode = 'personal';
}
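Review bot: the added in_array() check uses loose comparison; pass true as the third argument, as in in_array($mode, array('master', 'personal', 'quickadd'), true), so the allow-list does not depend on PHP's type-juggling rules for whatever arrives in $_POST['calendar_type']. The fallback to 'master' is silent, and a short comment naming the three accepted modes and the reason for the default would help the next reader. The allow-list only covers the $_POST branch; since the commit cites CWE-79, it is also worth confirming that $mode is escaped where it is written into the page, which this hunk does not show.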