Changeset 7593

Timestamp:
04/27/09 16:54:36 (4 years ago)
Author:
p_lindheimer
Message:

make sure no bogus characters or scripts are injected in a get with the POST/GET variables that reporting uses

Files:

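--- a/freepbx/branches/2.5/amp_conf/htdocs/admin/cdr/lib/defines.php
+++ b/freepbx/branches/2.5/amp_conf/htdocs/admin/cdr/lib/defines.php
@@ -97,8 +97,8 @@
   if (isset($_POST[$test_var])) {
     global $$test_var;
-    $$test_var = $_POST[$test_var];
+    $$test_var = htmlspecialchars($_POST[$test_var]);
   } elseif (isset($_GET[$test_var])) {
     global $$test_var;
-    $$test_var = $_GET[$test_var]
+    $$test_var = htmlspecialchars($_GET[$test_var])
   }
 }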
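Review bot: `htmlspecialchars()` is called with its default flags on both added lines (the `$_POST` and `$_GET` branches), which leaves single quotes unencoded, so a value later echoed into a single-quoted attribute is still not neutralised; `$$test_var = htmlspecialchars($_POST[$test_var], ENT_QUOTES);` (and the same for `$_GET`) closes that gap. Encoding at input also only addresses HTML output: if any of these globals reach a SQL query or a shell command in the reporting code, which is not visible here, they still need escaping for that context at the point of use. An array-valued parameter (`name[]=`) would not be a string at this call and probably deserves an `is_string()` check first. The enclosing loop over `$test_var` starts outside the hunk.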