Changeset 7592

Timestamp:

04/27/09 16:34:43 (4 years ago)

Author:

p_lindheimer

Message:

make sure the requested report display is included in the menu items list, otherwise bogus values can be injected

Files:

• freepbx/branches/2.5/amp_conf/htdocs/admin/reports.php (modified) (2 diffs)

freepbx/branches/2.5/amp_conf/htdocs/admin/reports.php

@@ -32 +32 @@
-}
-
-$display=1;
-if (isset($_REQUEST['display'])) {
-  $display=$_REQUEST['display'];
-}
-
-// setup menu 
-$menu = array(
@@ -45 +40 @@
-  );
-
+if (isset($_REQUEST['display']) && isset($menu[$_REQUEST['display']])) {
+  $display=$_REQUEST['display'];
+} else {
+  $display=1;
+}
+
-// CDR viewer from www.areski.net.  
-// Changes for -- AMP -- commented in: