Revision: 12239
http://sourceforge.net/p/xoops/svn/12239
Author: rgriffith
Date: 2013-12-10 21:44:07 +0000 (Tue, 10 Dec 2013)
Log Message:
-----------
Fix potential security issues reported by Pedro Ribeiro of Agile Information Security.
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php 2013-12-10 21:35:46 UTC (rev 12238)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php 2013-12-10 21:44:07 UTC (rev 12239)
@@ -38,7 +38,7 @@
if (!$GLOBALS['xoopsSecurity']->check()) {
$GLOBALS['xoopsTpl']->assign('errormsg', implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()));
} else if (empty($_REQUEST['ok'])) {
- xoops_confirm(array('ok' => 1, 'delete_messages' => 1, 'op' => $_REQUEST['op'], 'msg_id'=> serialize(array_map("intval", $_POST['msg_id']))), $_SERVER['REQUEST_URI'], _PM_SURE_TO_DELETE);
+ xoops_confirm(array('ok' => 1, 'delete_messages' => 1, 'op' => $_REQUEST['op'], 'msg_id'=> json_encode(array_map("intval", $_POST['msg_id']))), $_SERVER['REQUEST_URI'], _PM_SURE_TO_DELETE);
include $GLOBALS['xoops']->path('footer.php');
exit();
} else {
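Review bot: The decode side of `msg_id` is outside this hunk (it presumably sits in the `else` branch that opens on the last line), and switching the `xoops_confirm` call to `json_encode` only removes the object-injection risk if that branch no longer passes the posted value to `unserialize()`. The hidden field comes back from the client, so the reader should be along the lines of `$ids = json_decode($_POST['msg_id'], true);` followed by `$ids = is_array($ids) ? array_map('intval', $ids) : array();` (variable name illustrative), re-applying `intval` after decoding rather than relying on the cast done before encoding. On the changed line itself, `$_POST['msg_id']` is handed to `array_map` without an `is_array` check, so a missing or scalar value produces a PHP error or an encoded `null`, depending on the PHP version. `$_REQUEST['op']` and `$_SERVER['REQUEST_URI']` also flow into the confirmation form; whether `xoops_confirm` escapes them is not visible here and is worth confirming.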