fix several XSS injection problems with page variable

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@468 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
cweiske 2009-10-29 09:05:37 +00:00
parent 5b91086b54
commit 45feef9f6b
8 changed files with 9 additions and 9 deletions

View file

@ -57,7 +57,7 @@ function displayTag($tag, $uId) {
{ label: 'name', identifier: 'id', items: [
<?php
$json = displayTag(GET_TAG, GET_UID);
$json = displayTag(GET_TAG, intval(GET_UID));
$json = substr($json, 0, -1); // remove final comma avoiding IE6 Dojo bug
echo $json;
?>

View file

@ -57,7 +57,7 @@ function displayTag($tag, $uId) {
{ label: 'name', identifier: 'id', items: [
<?php
$json = displayTag(GET_TAG, GET_UID);
$json = displayTag(GET_TAG, intval(GET_UID));
$json = substr($json, 0, -1); // remove final comma avoiding IE6 Dojo bug
echo $json;
?>

View file

@ -190,7 +190,7 @@ if ($templatename == 'editbookmark.tpl') {
$tplVars['tags'] = POST_TAGS;
} else {
if(GET_COPYOF != '') { //copy from bookmarks page
$tplVars['row'] = $bookmarkservice->getBookmark(GET_COPYOF, true);
$tplVars['row'] = $bookmarkservice->getBookmark(intval(GET_COPYOF), true);
if(!$currentUser->isAdmin()) {
$tplVars['row']['bPrivateNote'] = ''; //only admin can copy private note
}
@ -249,7 +249,7 @@ if ($templatename == 'editbookmark.tpl') {
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {
$page = GET_PAGE;
$page = intval(GET_PAGE);
$start = ($page - 1) * $perpage;
} else {
$page = 0;

View file

@ -48,7 +48,7 @@ if ($usecache) {
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {
$page = GET_PAGE;
$page = intval(GET_PAGE);
$start = ($page - 1) * $perpage;
} else {
$page = 0;

View file

@ -60,7 +60,7 @@ if ($usecache) {
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {
$page = GET_PAGE;
$page = intval(GET_PAGE);
$start = ($page - 1) * $perpage;
} else {
$page = 0;

View file

@ -60,7 +60,7 @@ if (POST_TERMS != '') {
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {
$page = GET_PAGE;
$page = intval(GET_PAGE);
$start = ($page - 1) * $perpage;
} else {
$page = 0;

View file

@ -73,7 +73,7 @@ array(filter($sitename .': '. $pagetitle), createURL('rss', 'all/'. filter($cat,
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {
$page = GET_PAGE;
$page = intval(GET_PAGE);
$start = ($page - 1) * $perpage;
} else {
$page = 0;

View file

@ -78,7 +78,7 @@ if ($user) {
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {
$page = GET_PAGE;
$page = intval(GET_PAGE);
$start = ($page - 1) * $perpage;
} else {
$page = 0;