From: Glenn H. <thr...@us...> - 2006-01-24 03:50:12
Update of /cvsroot/mantisbt/mantisbt/core In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17696/core Modified Files: filter_api.php Log Message: fix for 0006629: Port: code injection - close one register_globals and 2 XSS holes
Index: filter_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/filter_api.php,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -d -r1.135 -r1.136
--- filter_api.php 15 Jan 2006 02:30:20 -0000 1.135
+++ filter_api.php 24 Jan 2006 03:50:04 -0000 1.136
@@ -814,13 +814,13 @@
 $p_page_count = $t_page_count;
 # Make sure $p_page_number isn't past the last page.
- if ( $p_page_number > $t_page_count ) {
- $p_page_number = $t_page_count;
+ if ( $t_page_number > $t_page_count ) {
+ $t_page_number = $t_page_count;
 }
 # Make sure $p_page_number isn't before the first page
- if ( $p_page_number < 1 ) {
- $p_page_number = 1;
+ if ( $t_page_number < 1 ) {
+ $t_page_number = 1;
 }
 # Now add the rest of the criteria i.e. sorting, limit.
@@ -888,7 +888,7 @@
 # for example page number 2, per page 5:
 # t_offset = 5
 $c_per_page = db_prepare_int( $p_per_page );
- $c_page_number = db_prepare_int( $p_page_number );
+ $c_page_number = db_prepare_int( $t_page_number );
 $t_offset = ( ( $c_page_number - 1 ) * $c_per_page );
 # perform query
@@ -1031,6 +1031,7 @@
 $t_filter = current_user_get_bug_filter();
 $t_filter = filter_ensure_valid_filter( $t_filter );
 $t_project_id = helper_get_current_project();
+ $t_page_number = (int) $p_page_number;
 $t_view_type = $t_filter['_view_type'];
@@ -1055,7 +1056,7 @@
 PRINT '<input type="hidden" name="offset" value="0" />';
 }
 ?>
- <input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" />
+ <input type="hidden" name="page_number" value="<?php PRINT $t_page_number ?>" />
 <input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" />
 <?php
|
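Review bot: In the first hunk (old line 814) the clamp now tests and assigns `$t_page_number`, but no assignment to that variable is visible there or in the hunk at line 888; the only `$t_page_number = (int) $p_page_number;` in the patch is added at line 1031, which appears to be a different function. If the enclosing function (it starts outside the hunk) does not set the variable earlier, the comparisons run on an undefined value, the result is clamped to 1, and `db_prepare_int( $t_page_number )` always produces offset 0. The context line `$p_page_count = $t_page_count;` suggests the `$p_` arguments are written back to the caller, so I would add the same `(int)` cast near the top of this function and follow the two checks with `$p_page_number = $t_page_number;` (confirm against the signature). The two `# Make sure $p_page_number …` comments should be updated to name the variable that is actually clamped.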
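Review bot: The neighbouring hidden field in the last hunk, `value="<?php PRINT $t_view_type ?>"`, is still written into an HTML attribute without encoding, while the page_number field beside it is now forced to an integer. `$t_view_type` is read from `$t_filter['_view_type']`, and whether `filter_ensure_valid_filter()` restricts it to known values cannot be seen from this patch. Unless it does, I would encode at the output site with `<?php PRINT htmlspecialchars( $t_view_type, ENT_QUOTES ) ?>`, so the attribute does not depend on upstream validation. The enclosing function starts and ends outside the hunk.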